Saksham Sharma
b9e05868ba
Unify cloudprovided and normal KMS plugins
...
Kubernetes-commit: 6a4afc897c2ed4fb80f1b6121a06f86bc8095cd8
2017-09-01 16:37:07 +00:00
Joe Betz
e1e8bebf50
Add --request-timeout to allow the global request timeout of 60 seconds to be configured.
...
Kubernetes-commit: cb764756c6f152bfb866b161315369bc47ebf13c
2017-08-29 13:18:50 +00:00
Cao Shufeng
e74487ab1a
set --audit-log-format default to json
...
Updates: https://github.com/kubernetes/kubernetes/issues/48561
Kubernetes-commit: 130f5d10adf13492f3435ab85a50d357a6831f6e
2017-08-29 13:18:49 +00:00
xiangpengzhao
49516f112c
Remove deprecated flag "long-running-request-regexp".
...
Kubernetes-commit: 72f4ab70e28a945ce25d40524696d0a486f8969e
2017-08-29 13:18:48 +00:00
Monis Khan
504f70acec
Add enj as reviewer to OWNERS
...
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: dd06794bc20ef1e0889af576c7a4f7a2f607e49d
2017-08-29 13:16:16 +00:00
Dr. Stefan Schimanski
24a3b34c79
audit: disable new v1beta1 types until incompatible changes are done
...
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
2017-08-29 13:16:13 +00:00
m1093782566
7313c11a9e
add validation for fed-apiserver
...
Kubernetes-commit: f2ea31fd925f764f8c684710d9cd345663e88d17
2017-08-29 13:16:11 +00:00
Jeff Grafton
6c539a43c6
Use buildozer to delete licenses() rules except under third_party/
...
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
Jeff Grafton
6caa2933ae
Use buildozer to remove deprecated automanaged tags
...
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
Jeff Grafton
f8c99c82f6
Autogenerate BUILD files
...
Kubernetes-commit: cf55f9ed45e6df2431d47cfc5b9c9b30758527f1
2017-08-29 13:15:23 +00:00
m1093782566
31be6bf988
validate kube-apiserver options
...
Kubernetes-commit: de406f83cfafc4033a935821a05cd8d8e5f50099
2017-08-29 13:15:23 +00:00
m1093782566
5cfd8381c1
add some checks for federation-apiserver options
...
Kubernetes-commit: 172ab88ce848d2c2e6c344535d3011d4ac558a37
2017-08-29 13:15:23 +00:00
Jeff Grafton
44942b068a
Run hack/update-bazel.sh to generate BUILD files
...
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
bjhaid
7dfcb9c56f
This adds an etcd health check endpoint to kube-apiserver
...
addressing https://github.com/kubernetes/kubernetes/issues/48215 .
Kubernetes-commit: 47d748c5dc989ea46142569bf42636c622fe128a
2017-08-29 13:13:05 +00:00
Saksham Sharma
fe5fc30248
Add cloudprovidedkms provider support
...
Kubernetes-commit: 68a32c06b4d69970ac2489ff5177d5703ca604cd
2017-08-01 23:56:38 +00:00
Saksham Sharma
55fe632ce2
Add unit tests for KMS transformer initialization
...
Kubernetes-commit: b76c63a9f086d978532c5b7ca565cb3ccd90b32e
2017-08-01 23:56:38 +00:00
Saksham Sharma
c75b59c1cd
Add KMS plugin registry
...
Kubernetes-commit: 49989439d7dab525d22b73936d533ae736b50491
2017-08-01 23:56:38 +00:00
Slava Semushin
a2a05bd86f
ParseEncryptionConfiguration: simplify code.
...
Also improves function name in godoc and many error messages.
Kubernetes-commit: bf51722ffbfa5521b8c516b8751435f004aacacf
2017-07-28 13:56:11 +00:00
xiangpengzhao
5f2f70a255
Validate --storage-backend type.
...
Kubernetes-commit: fcf2df9ad7ea688d75b2e9abb036b9d7abcc6e7c
2017-07-28 13:56:10 +00:00
huangjiuyuan
530dec4a81
adding validations on kube-apiserver audit log options
...
Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>
Kubernetes-commit: 21d0f815645ca3452719faf1ad69c63a9c3f3db2
2017-07-19 03:49:08 +00:00
Cao Shufeng
8bc6800aeb
support json output for log backend of advanced audit
...
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
2017-07-16 04:08:41 +00:00
Cao Shufeng
924adf12df
Add Validate() function for audit options
...
Kubernetes-commit: cf8e3ccf1959942342ed0c10f6b43d46beb65e04
2017-07-05 08:39:49 +00:00
p0lyn0mial
c4948f98da
incluster config will be used when creating external shared informers.
...
previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.
Kubernetes-commit: 074544b3b024156e4ce91de5778281dbe1b47a72
2017-06-28 00:14:31 +00:00
Saksham Sharma
205eddae2b
Fix typo in secretbox transformer prefix
...
Kubernetes-commit: 2c820c205073ec96acf8c0cf140db2381f377425
2017-06-15 22:11:39 +00:00
Saksham Sharma
f1876a2211
Add configuration for AESCBC, Secretbox encryption
...
Add tests for new transformers
Kubernetes-commit: 13073407422c62ee2131968060c85ce8b6488de4
2017-06-13 20:47:32 +00:00
deads2k
8401e3b61b
change the default storage location to avoid double prefixing
...
Kubernetes-commit: bc3434c084e405769417a08195700cd6be02211f
2017-06-13 20:47:32 +00:00
Clayton Coleman
fcc6b93d70
Load initializers from dynamic config
...
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.
Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
Kubernetes-commit: 772ab8e1b4163c17d285a2789321762a8f2dc9f3
2017-06-13 20:47:31 +00:00
Jordan Liggitt
8ab96afbb9
Avoid * in filenames
...
Kubernetes-commit: b5e5e93201ccbc1b4ed1da0378c1f550508bfc4f
2017-06-13 20:47:31 +00:00
Clayton Coleman
5fa08b8c5e
Allow initialization of resources
...
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
Kubernetes-commit: 331eea67d8000e5c4b37e2234a90903c15881c2f
2017-06-13 20:47:30 +00:00
Saksham Sharma
0b1c13686c
Add configuration options for encryption providers
...
Add location transformer, config for transformers
Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.
Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.
Add new files to BUILD, AEAD => k8s-aes-gcm
Use group resources to select encryption provider
Update tests for configuration parsing
Remove location transformer
Allow specifying providers per resource group in configuration
Add IdentityTransformer configuration option
Fix minor issues with initial AEAD implementation
Unified parsing of all configurations
Parse configuration using a union struct
Run configuration parsing in APIserver, refactor parsing
More gdoc, fix minor bugs
Add test coverage for combined transformers
Use table driven tests for encryptionconfig
Kubernetes-commit: 9760d00d08ef0619e30a7b1b90fd290cab960069
2017-06-13 20:47:30 +00:00
Jordan Liggitt
efae6ed84b
Pre-generate SNI test certs
...
Kubernetes-commit: 6554dfc4456869e299b8f6a8f686e8c3cee073d9
2017-06-13 20:47:30 +00:00
Eric Chiang
be1a712a68
apiserver: add a webhook implementation of the audit backend
...
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
2017-06-13 20:47:30 +00:00
p0lyn0mial
42d367c84c
register all generic admission plugins when AdmissionOptions are created.
...
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*
move registration to AdmissionOptions
Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
2017-06-13 20:47:29 +00:00
deads2k
10de73bc53
move CRD behind TPR
...
Kubernetes-commit: 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff
2017-06-13 20:47:29 +00:00
Tim St. Clair
8ff532a4cb
Implement audit policy logic
...
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
2017-06-13 20:47:28 +00:00
p0lyn0mial
ecba80695f
remove init blocks from all admission plugins
...
Kubernetes-commit: c5019bf6962475ffff94ef4993bdc651b79f650c
2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski
94ea219615
Update bazel
...
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski
f7d766d92d
audit: add audit event to the context and fill in handlers
...
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
2017-06-13 20:47:28 +00:00
p0lyn0mial
b10e93e2f5
bazel update
...
Kubernetes-commit: 7b0950b298c876668d469d4b5b2ad7a4dcd344fc
2017-05-16 17:27:51 +00:00
p0lyn0mial
ceeef3670c
This PR implements AdmissionOptions.ApplyTo
...
ApplyTo adds the admission chain to the server configuration. The method lazily initializes a generic plugin
that is appended to the list of pluginInitializers.
apiserver.Config will hold an instance of SharedInformerFactory to ensure we only have one instance.
The field will be initialized in apiserver.SecureServingOptions
Kubernetes-commit: 8cea69aa9812d6627ebdfa4f8b9c1d7624a8f3f5
2017-05-16 17:27:50 +00:00
deads2k
49f3eb05d8
refactor names for the apiserver handling chain
...
Kubernetes-commit: 4389f715768661731f0aae7438b2cc8414c9746a
2017-05-12 17:30:09 +00:00
Dr. Stefan Schimanski
234a9303e9
apiserver: tri-state watch cache capacity: off, default, value
...
Kubernetes-commit: b799e62e1aa82a1f1ff87597e762734cd702cdee
2017-05-12 17:30:09 +00:00
Dr. Stefan Schimanski
e640e78936
apiserver: fix --tls-sni-cert-key doc string
...
Kubernetes-commit: 53365880086f0d0d53002de7ce816284da41f4d0
2017-05-12 17:30:08 +00:00
xiangpengzhao
1512c30ca6
Delete "hard-coded" default value in flags usage.
...
Kubernetes-commit: 420caf200cdb1ba41d6af43c5695c29de2082851
2017-04-29 20:35:54 +00:00
p0lyn0mial
fdb6bac0df
bazel update
...
Kubernetes-commit: 4a3dcff3bfb49317cee8fb209f6b915fc9e82f1a
2017-04-21 20:35:37 +00:00
p0lyn0mial
3422dafac7
Split out AdmissionOptions
...
In the long term AdmissionOptions will accept various dependencies
and spit out AdmissionControl
Kubernetes-commit: de9706bc15ffc3a6a4ef30a00d5c7ea9a8881396
2017-04-21 20:35:37 +00:00
Mike Danese
2aab760a2a
autogenerated
...
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
2017-04-15 20:35:23 +00:00
Dr. Stefan Schimanski
320e34b1d9
pkg/admission: make plugin registry non-global
...
Kubernetes-commit: 63f547e1b15ed94ef91c69a7e294b3506bd8c918
2017-04-12 20:35:22 +00:00
deads2k
38fb6e78f7
move legacy insecure options out of the main flow
...
Kubernetes-commit: cd297546807fc08546905a2b96879d13bcf3a30b
2017-03-31 20:37:15 +00:00
deads2k
c2afcd59a6
move insecure options to kubeapiserver
...
Kubernetes-commit: c2f8ef1b1a4e0e60379b7b7447d59a87b0b0ccf9
2017-03-31 20:37:15 +00:00
deads2k
b3af46c0dc
wire in aggregation
...
Kubernetes-commit: 8e26fa25da6d3b1deb333fe2484f794795d1c6b9
2017-03-31 20:37:15 +00:00
deads2k
8c644986dc
require codecfactory
...
Kubernetes-commit: 087a03022106c02f82a497f65b945f3cbab3f643
2017-03-31 20:37:15 +00:00
deads2k
91f0fac434
force callers to specify the cert dns names
...
Kubernetes-commit: f31eb0a77f0616a5c4c3477b6d87a5a6726845cc
2017-03-31 20:37:15 +00:00
deads2k
1e6581d944
use - to indicate audit log goes to system out
...
Kubernetes-commit: 91f461283ec25dd43d55db97f981723a94f208b8
2017-03-31 20:37:15 +00:00
Jordan Liggitt
0f41d276a9
Force etcd2 to use application/json, add base64-wrapper decoder as fallback
...
Kubernetes-commit: 87e32c75321bad09707683cb15d6a0c41f4b6f0d
2017-03-18 19:56:09 +00:00
Andy Goldstein
33e10a040b
Add pprof trace support
...
Add pprof trace support and --enable-contention-profiling to those
components that don't already have it.
Kubernetes-commit: b011529d8a1486bc2316a049db35759086d2994b
2017-03-18 19:56:09 +00:00
deads2k
8aacf17ba5
allow incluster authentication info lookup
...
Kubernetes-commit: 3d039f60cf998746a95181cacf5d3d69b83b46b0
2017-03-18 19:56:09 +00:00
deads2k
9c5ae42f4d
add aggregation integration test
...
Kubernetes-commit: 5cfe26dece13c77bd17fd10e47d2c00bf5da9b6d
2017-03-18 19:56:09 +00:00
deads2k
7170396682
tweak defaults for recommended apiserver options
...
Kubernetes-commit: acba2cbd6d188a34f4c3032c933921ba22a0f77c
2017-03-18 19:56:08 +00:00
Dr. Stefan Schimanski
954f7be538
apiserver: self-signed in-memory cert for loopback
2017-02-27 15:10:34 -05:00
deads2k
1e2d8fe122
remove cycle that snuck into tests
2017-02-23 09:48:09 -05:00
Dr. Stefan Schimanski
73c30cda7e
staging/src/*: run gofmt
2017-02-23 09:48:09 -05:00
Dr. Stefan Schimanski
585aca0c2c
k8s.io/apiserver: straighten EtcdOptions, backend Config and kube RESTOptionsFactory
2017-02-16 08:03:03 -05:00
deads2k
147d3934cf
auto-create the loopback token
2017-02-14 14:04:06 -05:00
deads2k
c2c4ecb2ff
create sample-apiserver repo for people to inspect
2017-02-13 07:36:42 -05:00
deads2k
9d21f84d8f
streamline etcd options for aggregated api server
2017-02-13 07:36:42 -05:00
deads2k
5566a0ef65
move storage serialization type to etcd options
2017-02-13 07:36:42 -05:00
deads2k
2e34520350
add feature enablement options to recommendedoptions
2017-02-13 07:36:42 -05:00
deads2k
8c39f8c871
move --runtime-config to kubeapiserver
2017-02-13 07:36:42 -05:00
deads2k
d3c1c03062
move auditoptions to separate struct
2017-02-13 07:36:42 -05:00
deads2k
aed020968e
add recommended aggregated api server options
2017-02-13 07:36:42 -05:00
deads2k
284a95797b
apiserver command line options lead to config
2017-02-13 07:36:41 -05:00
Dr. Stefan Schimanski
6025c228e6
pkg/storage/etcd: cut off pkg/api scheme
2017-02-02 09:36:48 -05:00
deads2k
c4b078bb1d
move apiserver options
2017-02-02 09:36:48 -05:00