kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,253 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

224 Commits

Author SHA1 Message Date
Tripathi 4e7be504bf Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA 
This commit prevents extension API server from erroring out during bootstrap when the core
API server doesn't support certificate based authentication for it's clients i.e. client-ca isn't
present in extension-apiserver-authentication ConfigMap in kube-system.

This can happen in cluster setups where core API server uses Webhook token authentication.

Fixes: https://github.com/kubernetes/kubernetes/issues/65724

Kubernetes-commit: db828a44406efe09e2db91e6dc88d1292c9a29e1
 2018-07-18 15:07:09 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
Dr. Stefan Schimanski 4c6f8fdc17 apiserver: make loopback logic in SecureServingOptions reusable 
Kubernetes-commit: dc0a736d1ea924dfa35ece64cb59d551c2a0b51f
 2018-07-04 17:08:23 +02:00
Dr. Stefan Schimanski 55957fdc66 apiserver: add SecureServingOptions.ExternalAddress 
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.

Kubernetes-commit: c1c564fd4d21dd68ea14d7ea678d8619f47fe445
 2018-07-06 12:32:01 +02:00
Dr. Stefan Schimanski fa6b67b429 apiserver: use fixtures for self-signed certs in test server 
Kubernetes-commit: 7deccb5b7a7c5224d3d90e1391dd22b2d1f1b9b9
 2018-07-06 12:04:38 +02:00
Clayton Coleman 9cfed8df8c Convert TestServerRunWithSNI to subtests to isolate flake 
This test is flaking - make it easier to pin down where and why by
converting to subtests and making cleanup logic easier. Also turn an
ignored listen error into a "fatal".

Make the test run in parallel to speed up individual runs and hopefully
flush out issues.

Kubernetes-commit: 09463975c379114ef9cd42d3c7efb6254b2c3b33
 2018-07-09 21:32:15 -04:00
Dr. Stefan Schimanski ad29bd83ae kube-apiserver: disallow --secure-port 0 
Kubernetes-commit: e15ac9eb72c4e105e7a3d84711e5a6056c0f6a48
 2018-07-06 12:58:59 +02:00
Dr. Stefan Schimanski 25a00cd3c1 apiserver: get rid of ReadWritePort in config 
Kubernetes-commit: e32f380fa5df4361894570787814d0459baada93
 2018-07-04 17:01:49 +02:00
Dr. Stefan Schimanski 5746122767 apiserver: don't create self-signed certs with disabled secure serving 
Kubernetes-commit: 798535164ae11a7e3c036ed7793aa884942edc88
 2018-07-04 19:09:26 +02:00
Cao Shufeng 8fe5561ce7 [trivial] fix option help message. 
s/andif/and if/

Kubernetes-commit: 42b93ab7244765dd744257a793b0b9c138146bb3
 2018-06-13 09:07:34 +08:00
Mikhail Mazurskiy 0f7bbcadfb Add missing error handling in schema-related code 
Kubernetes-commit: bfe313d5f351dfae086a85a97e7103183173e5b5
 2018-06-03 14:59:58 +10:00
Tim Allclair 554c4f1986 Fix MaxAge default audit log option 
Kubernetes-commit: 3dae49c6977526aba09dc070639ebc789b458411
 2018-06-18 14:36:50 -07:00
Dr. Stefan Schimanski 65f0646df4 apiserver: add context to authn/authz kubeconfig errors 
Kubernetes-commit: 99eda24de01c8b1b84b54cb763b540de35084ade
 2018-06-14 15:30:25 +02:00
Jordan Liggitt 8d6d8aa36e Use actual etcd client for /healthz/etcd checks 
Kubernetes-commit: b39cd00982c1696d8ae8afc99931919894044ee2
 2018-06-12 14:33:48 -04:00
Victor Garcia 37be5e4c9f Possible cipher suites values and tls versions in help for apiserver and kubelet 
Kubernetes-commit: 3dfa22e3fd8c650789176b9f4a8e46ab43ef5ebf
 2018-01-24 22:51:27 -05:00
hangaoshuai f38497678f add checks validation MinRequestTimeout of ServerRunOptions 
Kubernetes-commit: ba20be9911091f16bb3987815172b3a348754fc2
 2018-04-26 16:02:31 +08:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
tamal b534ae405b Don't panic is admission options is nil 
Kubernetes-commit: bc04c091c3ca0320a6fa83ef35f891d21423afbb
 2018-05-05 11:59:28 -07:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
hzxuzhonghu 490c9a96c3 fix typo 
Kubernetes-commit: 549fb0cad39daa74c528f7f775d627f908785b61
 2018-04-04 16:03:17 +08:00
Dr. Stefan Schimanski 1075399c96 apiserver: enforce shared RequestContextMapper in delegation chain 
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
 2018-04-04 10:05:06 +02:00
Dr. Stefan Schimanski 28595d407b apiserver: add warning about not trusting authz of aggregator 
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
 2018-03-19 13:37:52 +01:00
Mik Vyatskov b2b70701e1 Make advanced audit output version configurable. 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
 2018-02-19 21:15:49 +01:00
hzxuzhonghu 240b9cf032 remove unused rls-ca-file flag 
Kubernetes-commit: 9c0803e14c0d76e2e8225db546c0d2ce0b522ab7
 2018-03-20 15:26:31 +08:00
hzxuzhonghu 422369e23b move EtcdServersOverrides to EtcdOptions flags validate 
Kubernetes-commit: f380ac8cec8061bf6533ccecd02ec49d9a5b016f
 2018-03-05 11:32:59 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Mike Spreitzer aa5d4f9f32 Fixes for HTTP/2 max streams per connection setting 
This PR makes two changes.  One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection.  If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).

The other change is to make the recommended options for an aggregated
api-server set this limit to 1000.  The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).

Fixes #60042

Kubernetes-commit: 201c11f147c85b029665915bee3a62eea19d6d57
 2018-02-19 14:18:07 -05:00
Marek Grabowski e36f8069aa Add a metric exposing number of objects per type 
Kubernetes-commit: f6e9ebffa2df10f7792fbea0a0fbe5ab8e388a26
 2018-02-12 15:58:57 +00:00
hzxuzhonghu 45ac728887 set default enabled admission plugins by official document 
Kubernetes-commit: 27f3fd2d79d2d669ddecdd987c8b099f1f43ce38
 2018-01-23 20:12:10 +08:00
steveperry-53 2aca9afa1d sync: squashed up to merge cc7cea74ae668cd401d99cc472569605cb640517 in b3099bcf532bc470ff7075e93025b8741da09be4 2018-02-27 01:30:07 +00:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
David Eads bf5feefec3 add an admission decorator chain 
Kubernetes-commit: 1ae856484b8a827b7ce6018ddfa103493a2cb97d
 2018-02-14 09:27:25 -05:00
Dr. Stefan Schimanski 89b7bf377a Update generated files 
Kubernetes-commit: 5483ab7679dd055422131fd1c22a18eee39a775e
 2018-02-08 19:37:08 +01:00
Dr. Stefan Schimanski 0520d284e2 controller-manager: add authz/n to options, nil by default 
Kubernetes-commit: cecd663c21d139a3a5a15b43a8dda8de26180246
 2018-02-08 14:19:02 +01:00
Dr. Stefan Schimanski 338a852bbb apiserver: make SecureServingOptions and authz/n options re-usable 
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
 2018-01-31 16:17:48 +01:00
hzxuzhonghu 808a483472 pass listener in integration test to prevent port in use flake 
Kubernetes-commit: a6c43c6a5ca7cc4449684d5e68d73773be91cd41
 2018-01-29 11:58:23 +08:00
Wu Qiang 43cefec1d0 Update endpoint value in test code 
Kubernetes-commit: 31f74303fc48df5d88105c9742a103eae742f478
 2018-02-09 01:23:25 +00:00
Wu Qiang be4ee1ba37 Remove configfile for kms in encryption config 
Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d
 2018-01-26 11:53:24 +00:00
Wu Qiang a32d2bb427 Update for review comments 
Kubernetes-commit: 2e7af38d6b4c8ed9e1fb23930b98ed8d2ad68aa0
 2018-01-25 05:39:48 +00:00
Wu Qiang 580a800cad Only support unix socket for kms gRPC, also add Version method 
Kubernetes-commit: a6368bb04c1100d1dce1c6bf680056882835b395
 2017-12-18 09:29:56 +00:00
Wu Qiang e4061faec3 Fix verify error and address review comments 
Signed-off-by: Wu Qiang <qiang.q.wu@oracle.com>

Kubernetes-commit: 16b04d68b1ae180d61ea4ca06d1c8139c25a652f
 2017-11-15 11:20:12 +08:00
Wu Qiang dbe35e5c4e Update kms provider config for gRPC client service 
Kubernetes-commit: 31fb539f1735debd38e705fcb96a05ea0313c5f5
 2017-11-14 09:05:52 +00:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
hzxuzhonghu 9e657b874d deprecate insecure http flags and remove already deprecated public-address-override 
Kubernetes-commit: 24c687fdad009fec01703ae0f93ab141b97c0028
 2018-01-30 16:05:33 +08:00
David Eads 0989af6244 remove --tls-ca-file which had no effect 
Kubernetes-commit: 114711f77d1f12e10b1190db02ca17302992f5ad
 2018-01-29 10:29:14 -05:00
David Eads b16b687dc5 generated 
Kubernetes-commit: 4ce7bcced4cc68a833759a218f9c3be7f72fd1c0
 2018-01-19 11:55:55 -05:00
David Eads 6b198535d6 add options for min tls levels 
Kubernetes-commit: ad1680347071cb5bb66ab49c7325eb21d83e143c
 2018-01-19 11:50:47 -05:00
hzxuzhonghu 7eedbab968 run update bazel and staging-godep 
Kubernetes-commit: eff1f20ff14cc450968788974d77b472c82fface
 2018-01-20 17:21:44 +08:00
hzxuzhonghu f5af0796fc pass APIEnablement through apiserver chain 
Kubernetes-commit: 2f403b7ad18a179514f1de77e29f1a2549ef030a
 2017-12-21 11:27:20 +08:00
hzxuzhonghu 215ca01104 run update bazel 
Kubernetes-commit: 5c9e020d7dfb369d3cdfb765baa3dff922d8e83d
 2018-01-13 18:09:47 +08:00
hzxuzhonghu d395a1e811 update admission test cases 
Kubernetes-commit: 82c3d2492cb43f9f81e8a18e1dce2e8ab7e4e56a
 2018-01-15 14:58:09 +08:00
hzxuzhonghu b636311708 refactor admission flag: add two admission flags and make plugins auto in recommended order 
Kubernetes-commit: 7c5f9e0bbaff15570f1709e70b7fa6952395d7cd
 2018-01-15 14:58:57 +08:00
Jordan Liggitt e090ce7de2 Fix loading structured admission plugin config 
Kubernetes-commit: 34328ea87dc9ac61bd036228102c952017cb81d0
 2018-01-18 02:32:28 -05:00
Victor Garcia 08a8cccb0a Adding support for custom TLS ciphers in api server and kubelet 
Kubernetes-commit: d7dbc96c70d480f0b81cd83ae3abd34b69c1e70d
 2017-07-12 23:49:41 -07:00
Dr. Stefan Schimanski 574b95f04b admission: do not leak admission config types outside of the plugins 
Kubernetes-commit: 1a552bbe149373c056ee004304d7e5abaa89f4c6
 2017-11-27 14:44:04 +01:00
Yu Liao 3365692578 sync: squashed up to merge eb7be2699bcbecb2703d3c046b27c2a8e8b1b6dd in 188e6ebcdbcfd0617dc12e51e8e6a66ce89f3955 2018-01-13 19:39:22 +00:00
Dr. Stefan Schimanski 551699fb67 Pass RecommendedConfig into ExtraAdmissionInitializers 
Kubernetes-commit: 5a3cfd27ed818b971f36032d85e2de2db586a4e5
 2018-01-02 09:32:04 +01:00
Dr. Stefan Schimanski 73975eaf19 Simplify extra initializer logic 
Kubernetes-commit: a8127df3bb396717b4fb2a7f688c1f98e6bef6b4
 2017-12-20 12:17:44 +01:00
xuzhonghu 82b64e7264 add admission into RecommendedOption 
Kubernetes-commit: 6149df089e2667fefb740e408ece883fd76dd40e
 2017-12-01 11:07:28 +08:00
hzxuzhonghu 0f7253ee99 validate admission-control param 
Kubernetes-commit: 64a7c60e00a1f6cf92710415e0e3dee133ebab7c
 2017-11-30 14:34:36 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Saksham Sharma 0d11a9c252 Use []byte in place of string in envelope.Service. 
Kubernetes-commit: 5005a541d6b5b7d950ed621d9c9fd247abb9b4af
 2017-11-07 04:24:53 +05:30
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Chao Xu 53b8960359 move the MutatingAdmissionWebhook to the last in the mutating amdission 
plugin chain.

Kubernetes-commit: 8e8e32fa05f02331f724930933dfa34be995247c
 2017-11-17 14:16:37 -08:00
Kubernetes Submit Queue e16244b0bc Merge pull request #55812 from deads2k/admission-17-external 
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make versioned types for webhook admission config

Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.

@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised.  fyi.

```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
  configuration:
    kind: WebhookAdmission
    apiVersion: apiserver.config.k8s.io/v1alpha1
    kubeConfigFile: /path/to/my/file
```

`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`

Kubernetes-commit: 25ebf875b4235cb8f43be2aec699d62e78339cec
 2017-12-07 04:34:43 +00:00
hzxuzhonghu 170e8ac6dd pass listener to genericapiserver 
Kubernetes-commit: 6ba30f678c232793430a98770e7a851f1e814fd2
 2017-11-16 13:32:12 +08:00
Dr. Stefan Schimanski 2ee052ccdf admission: make metrics compositional and move to metrics sub-package 
Kubernetes-commit: baba0c827bfddfdc56b69c88e19406966ef900a2
 2017-11-17 11:49:55 +01:00
Daniel Smith 4406561b46 add detail to flag help 
Kubernetes-commit: 2956314cde74f0481be1da6107cc266f56127173
 2017-11-17 15:22:53 -08:00
Chao Xu 1b638a5be7 generated bazel 
Kubernetes-commit: 6193360eb52b00727df08f67eb8fc364a8df85e9
 2017-11-15 16:21:28 -08:00
Chao Xu cb8d15718f Adding the mutating webhook 
Kubernetes-commit: ea123f82aae5bc46b9a91c4543c8f742d0db52da
 2017-11-14 16:36:28 -08:00
Chao Xu f88f0f12a1 Reorganize the admission webhook code. 
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.

Kubernetes-commit: 1adfacc7eb41da109e970a9c2985fd55b4cbbdfd
 2017-11-05 18:11:47 -08:00
hzxuzhonghu c37db061da remove redundant code in admission initializer 
Kubernetes-commit: 9d1e6d3e2cc25db8e07db446d00390059c8264f8
 2017-11-08 10:54:06 +08:00
Chao Xu 3843f2885c remove the nesting directory webhook/webhook 
Kubernetes-commit: ca8131877ad4fcab76388360e04ff9eb05af41a4
 2017-10-26 14:19:49 -07:00
David Eads 3cb246ace6 move webhook admission to generic apiserver 
Kubernetes-commit: 8c1fe1f61a1de754a2cfed1966f4a1f8024ca618
 2017-10-24 08:48:05 -04:00
David Eads d3f753a815 update admission webhook to accept client config 
Kubernetes-commit: 0859798e8e278ec382dcbeb77914f40bf2c78a2c
 2017-10-18 12:57:59 -04:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
hzxuzhonghu 670d5651ed rename test file name 
Kubernetes-commit: 81d87466c89772c11b460cdb02df488ffb58d770
 2017-09-29 14:51:55 +08:00
xiangpengzhao 19cfabed24 Mark etcd-quorum-read as deprecated. 
Kubernetes-commit: 2a454dcea0b867bab44796a86a8b27f04b49528d
 2017-10-12 19:42:12 +08:00
p0lyn0mial 136304ddb2 removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin. 
Kubernetes-commit: fa96700b76de3df759b3dddb747da575c909acec
 2017-10-09 22:15:25 +02:00
Chao Xu 9074f20eb7 generated 
Kubernetes-commit: bbac32c299eb0660e89870a7fbc698c79af04b51
 2017-10-04 17:27:09 -07:00
Chao Xu 9696b0c05e move initializer to the generic apiserver 
move k8s.io/kubernetes/plugin/pkg/admission/initialization to
k8s.io/apiserver/pkg/admission/plugin/initialization/initialization.go;
move k8s.io/kubernetes/pkg/kubeapiserver/admission/configuration to
k8s.io/apiserver/pkg/admission/configuration.

Kubernetes-commit: 89a0511fcb22caf23427587c026952b2a387f293
 2017-10-04 16:54:08 -07:00
Dr. Stefan Schimanski 3cfc602704 apimachinery: mechanical removal of ObjectCopier plumbing 
Kubernetes-commit: 509df603b18d356777176953e5d160b6f3d0bba9
 2017-10-06 13:30:12 +02:00
p0lyn0mial f189d35f0e removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer. 
Kubernetes-commit: 6b1f1d14148fe3962594d8f4c9ca15d1c6171819
 2017-10-03 18:08:30 +02:00
Hitoshi Mitake a7bf68f0d6 storage, etcd3: add an option for configuring interval of compaction requests from apiserver 
This commit adds an option for controlling request of compaction to
etcd3 from apiserver. There is a situation that apiserver cannot fully
own its etcd cluster (e.g. sharing it with canal). In such a case,
apiserver should have limited access in terms of etcd's auth
functionality so it don't have a priviledge to issue compaction
requests. It means that the compaction requests should be issued by
other component and apiserver's compaction requests are needless.

For such use cases, this commit adds a new flag
`storagebackend.Config.CompactionInterval`. If the flag is non 0,
apiserver issues the compaction requests like current behaviour (the
default is 5 minutes). If it is 0, apiserver doesn't issue the
requests. It can be configured with a newly added option of apiserver
`--etcd-compaction-interval`.

Kubernetes-commit: 87d4d3e92be6b93517f189082b0451cee6957ee5
 2017-09-01 14:06:25 +09:00
p0lyn0mial 941c87ca76 moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver 
Kubernetes-commit: 475493ced69f47dd78d72ff98bf2c5853fc5ea19
 2017-09-27 22:05:34 +02:00
p0lyn0mial 1c446c37e3 adds two new fields to AdmissionOption. 
The first one being RecommendedPluginOrder the second one being DefaultOffPlugins.
In case a cluster-admin did not provide plugin names they will be derived from these fields.

Kubernetes-commit: 7a92947588070a8eedd0bf50edcfbf0fcc1d4096
 2017-08-24 21:36:39 +02:00
tengqm 65c833f23a Fix apiserver help message 
Kubernetes-commit: acad74670dd1167ea0e90b2eeef6946d3871bdbf
 2017-09-04 17:22:25 +08:00
Clayton Coleman 644d9a8cf1 Allow watch cache to be disabled per type 
Currently setting watch cache size for a given resource does not disable
the watch cache. This commit adds a new `default-watch-cache-size` flag
to map to the existing field, and refactors how watch cache sizes are
calculated to bring all of the code into one place. It also adds debug
logging to startup to allow us to verify watch cache enablement in
production.

Kubernetes-commit: fc2d201e155296f311ae0a9278b00dcae2d68708
 2017-09-09 21:44:33 +00:00
Dr. Stefan Schimanski 9f41d17af2 Update bazel 
Kubernetes-commit: fbd310dbc7312fcae4267dd64326a1e7b4a0a8ae
 2017-09-09 21:44:32 +00:00
Dr. Stefan Schimanski a063c5336d apiserver: avoid panics on nil sub-option structs 
Kubernetes-commit: b153268da79d2acf14e042945959801c3dba8221
 2017-09-09 21:44:32 +00:00
Dr. Stefan Schimanski 97e22b00fa apiserver: split core API creation from secure serving 
Kubernetes-commit: 2b64d3a0fd2ccdad4b2f21acb484a36e04381856
 2017-09-09 21:44:32 +00:00
Dr. Stefan Schimanski 75cf96f31e apiserver: stratify versioned informer construction 
Kubernetes-commit: ca3f7453464f6866a3bf467c8b9d8e132484cfb4
 2017-09-09 21:44:32 +00:00
Dr. Stefan Schimanski 8ec769da6b apiserver: allow disabling authz/n via options 
Kubernetes-commit: dffe50f8bd820295f7f1fbc56a6269b6b8c6966b
 2017-09-09 21:44:32 +00:00
Cao Shufeng d2f7a0c820 Log a warning when --audit-policy-file not passed to apiserver 
Kubernetes-commit: 3b91f1cc0d32278a9baf2a4b9b4e416cbfb2457f
 2017-09-09 21:44:31 +00:00
Cao Shufeng 0c7ac2906f set AdvancedAuditing feature gate to true by default 
Kubernetes-commit: 1388426898f46de5e8730c3f71ce3ccaf50337b8
 2017-09-09 21:44:30 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Clayton Coleman 460257fd61 Server side implementation of paging for etcd3 
Add a feature gate in the apiserver to control whether paging can be
used. Add controls to the storage factory that allow it to be disabled
per resource. Use a JSON encoded continuation token that can be
versioned. Create a 410 error if the continuation token is expired.

Adds GetContinue() to ListMeta.

Kubernetes-commit: 8952a0cb722b77459cf2701632a30f5b264f5aba
 2017-09-03 14:04:12 +00:00