kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,015 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

199 Commits

Author SHA1 Message Date
Jordan Liggitt c7c9a358c2 etcd2 code cleanup, remove deserialization cache 
Kubernetes-commit: c8db31b84adc40aa875917fbca27b2a787902088
 2018-10-15 22:17:44 -04:00
Eric Chiang 13ab2dca08 Remove ericchiang from OWNERS files 
Kept myself in the OpenID Connect ones for now.

Kubernetes-commit: 766f5875bfa0d8ce4d52cdb87d12faea527e1492
 2018-10-11 18:11:15 -07:00
Jordan Liggitt bd604a62aa Remove deprecated --etcd-quorum-read flag 
Kubernetes-commit: cff79c542130831f4a212099974570244a0c9586
 2018-10-08 11:04:28 -04:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Solly Ross 41e5031224 Populate ClientCA in delegating auth setup 
kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.

Kubernetes-commit: 65cea86e4413cb5899c3b89bda375bb326de5093
 2018-10-04 12:48:18 -04:00
Jordan Liggitt 3b6fc08803 Remove etcd2 storage backend 
Kubernetes-commit: 85ae79500fba7d6e51292b12daff829027b59872
 2018-10-01 16:48:14 -04:00
immutablet e9bce895cf Lazily dial kms-plugin. 
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
 2018-09-12 14:56:44 -07:00
Dr. Stefan Schimanski 1a58e1c6ad apiserver: make InClusterConfig errs for delegated authn/z non-fatal 
Kubernetes-commit: 04e793e65ad70df5c4ab280c42740864e54163cd
 2018-09-05 09:12:19 +02:00
Dr. Stefan Schimanski c8f47fd79c apiserver: fix misleading delegated authn/z warnings 
Kubernetes-commit: 059fce63b755ef6052db273fd6c91f3090036389
 2018-09-05 09:11:45 +02:00
Justin Santa Barbara ecbc9eada2 Fix grammar in secure-port flag help 
The phrasing made it difficult to understand the message.

Kubernetes-commit: c0ded2d9f5beb5eb02b356076166c365073a639a
 2018-08-30 18:50:26 -04:00
Dr. Stefan Schimanski c726863192 apiserver: make not-found external-apiserver-authn configmap non-fatal 
Kubernetes-commit: 5d56e791bb932cc297de08db302540684e6f9d4c
 2018-08-24 18:30:58 +02:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Dr. Stefan Schimanski 16d4968bf9 authn/z: optionally opt-out of mandatory authn/authz kubeconfig 
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
 2018-08-22 11:56:07 +02:00
David Eads 34ff0933dd expose generic storage factory primitives 
Kubernetes-commit: 81b9213ac2cc7744b8a62ac42b269b97c1d17b5a
 2018-08-27 10:45:52 -04:00
Dr. Stefan Schimanski cfb1e16b55 apiserver: unify handling of unspecified options in authn+z 
Kubernetes-commit: 0ede948e47d33474a4e30c845d7896c58a319e39
 2018-08-21 16:42:13 +02:00
Dr. Stefan Schimanski a8bd1ddbf7 delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz 
Kubernetes-commit: 6142e2f8f7c8b1c5d32a2f9aa3715ea0b5baf167
 2018-08-17 17:03:16 +02:00
hangaoshuai c27f181946 add unit test func TestServerRunOptionsValidate 
Kubernetes-commit: cdef8029d4aea52e607da4101ad44b1b4163f869
 2018-08-22 10:19:13 +08:00
hangaoshuai 7e18a5d0a6 add unit test func TestToAuthenticationRequestHeaderConfig 
Kubernetes-commit: 0da04d61ab4b70817083c8208af12397b818546a
 2018-08-22 10:18:30 +08:00
hangaoshuai 769565b214 add unit test func TestAPIEnablementOptionsValidate 
Kubernetes-commit: 73ee10495b5be414b9fae718e5129765c7c3ed19
 2018-08-22 10:17:58 +08:00
hangaoshuai c872082b0a add unit test func TestEtcdOptionsValidate and TestParseWatchCacheSizes 
Kubernetes-commit: 67a1d53bd74265637718b67c80f48a26b6e653cf
 2018-08-22 10:17:26 +08:00
Dr. Stefan Schimanski a549f2934f kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 
Kubernetes-commit: d787213d1b8802d370032d17157ac1de7573ad15
 2018-08-06 16:31:23 +02:00
Dr. Stefan Schimanski 3698d7a898 apiserver: move controller-manager's insecure config into apiserver 
Kubernetes-commit: 1d9a896066b3e10e8c1a0d506e00bc354b7772f0
 2018-08-16 20:47:15 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
fqsghostcloud 0fc525d3c8 fix typo 
fix typo

Kubernetes-commit: 18f1ad7dc5392cb4537fa33bd73cdb8dc2c1e523
 2018-08-13 17:36:15 +08:00
Chao Wang b0b043eda2 list the default enabled admission plugins 
Kubernetes-commit: ee96a5638d21f0da111b1106a82976cc59bbbf67
 2018-08-06 17:25:24 +08:00
Tripathi 4e7be504bf Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA 
This commit prevents extension API server from erroring out during bootstrap when the core
API server doesn't support certificate based authentication for it's clients i.e. client-ca isn't
present in extension-apiserver-authentication ConfigMap in kube-system.

This can happen in cluster setups where core API server uses Webhook token authentication.

Fixes: https://github.com/kubernetes/kubernetes/issues/65724

Kubernetes-commit: db828a44406efe09e2db91e6dc88d1292c9a29e1
 2018-07-18 15:07:09 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
Dr. Stefan Schimanski 4c6f8fdc17 apiserver: make loopback logic in SecureServingOptions reusable 
Kubernetes-commit: dc0a736d1ea924dfa35ece64cb59d551c2a0b51f
 2018-07-04 17:08:23 +02:00
Dr. Stefan Schimanski 55957fdc66 apiserver: add SecureServingOptions.ExternalAddress 
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.

Kubernetes-commit: c1c564fd4d21dd68ea14d7ea678d8619f47fe445
 2018-07-06 12:32:01 +02:00
Dr. Stefan Schimanski fa6b67b429 apiserver: use fixtures for self-signed certs in test server 
Kubernetes-commit: 7deccb5b7a7c5224d3d90e1391dd22b2d1f1b9b9
 2018-07-06 12:04:38 +02:00
Clayton Coleman 9cfed8df8c Convert TestServerRunWithSNI to subtests to isolate flake 
This test is flaking - make it easier to pin down where and why by
converting to subtests and making cleanup logic easier. Also turn an
ignored listen error into a "fatal".

Make the test run in parallel to speed up individual runs and hopefully
flush out issues.

Kubernetes-commit: 09463975c379114ef9cd42d3c7efb6254b2c3b33
 2018-07-09 21:32:15 -04:00
Dr. Stefan Schimanski ad29bd83ae kube-apiserver: disallow --secure-port 0 
Kubernetes-commit: e15ac9eb72c4e105e7a3d84711e5a6056c0f6a48
 2018-07-06 12:58:59 +02:00
Dr. Stefan Schimanski 25a00cd3c1 apiserver: get rid of ReadWritePort in config 
Kubernetes-commit: e32f380fa5df4361894570787814d0459baada93
 2018-07-04 17:01:49 +02:00
Dr. Stefan Schimanski 5746122767 apiserver: don't create self-signed certs with disabled secure serving 
Kubernetes-commit: 798535164ae11a7e3c036ed7793aa884942edc88
 2018-07-04 19:09:26 +02:00
Cao Shufeng 8fe5561ce7 [trivial] fix option help message. 
s/andif/and if/

Kubernetes-commit: 42b93ab7244765dd744257a793b0b9c138146bb3
 2018-06-13 09:07:34 +08:00
Mikhail Mazurskiy 0f7bbcadfb Add missing error handling in schema-related code 
Kubernetes-commit: bfe313d5f351dfae086a85a97e7103183173e5b5
 2018-06-03 14:59:58 +10:00
Tim Allclair 554c4f1986 Fix MaxAge default audit log option 
Kubernetes-commit: 3dae49c6977526aba09dc070639ebc789b458411
 2018-06-18 14:36:50 -07:00
Dr. Stefan Schimanski 65f0646df4 apiserver: add context to authn/authz kubeconfig errors 
Kubernetes-commit: 99eda24de01c8b1b84b54cb763b540de35084ade
 2018-06-14 15:30:25 +02:00
Jordan Liggitt 8d6d8aa36e Use actual etcd client for /healthz/etcd checks 
Kubernetes-commit: b39cd00982c1696d8ae8afc99931919894044ee2
 2018-06-12 14:33:48 -04:00
Victor Garcia 37be5e4c9f Possible cipher suites values and tls versions in help for apiserver and kubelet 
Kubernetes-commit: 3dfa22e3fd8c650789176b9f4a8e46ab43ef5ebf
 2018-01-24 22:51:27 -05:00
hangaoshuai f38497678f add checks validation MinRequestTimeout of ServerRunOptions 
Kubernetes-commit: ba20be9911091f16bb3987815172b3a348754fc2
 2018-04-26 16:02:31 +08:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
tamal b534ae405b Don't panic is admission options is nil 
Kubernetes-commit: bc04c091c3ca0320a6fa83ef35f891d21423afbb
 2018-05-05 11:59:28 -07:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
hzxuzhonghu 490c9a96c3 fix typo 
Kubernetes-commit: 549fb0cad39daa74c528f7f775d627f908785b61
 2018-04-04 16:03:17 +08:00
Dr. Stefan Schimanski 1075399c96 apiserver: enforce shared RequestContextMapper in delegation chain 
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
 2018-04-04 10:05:06 +02:00
Dr. Stefan Schimanski 28595d407b apiserver: add warning about not trusting authz of aggregator 
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
 2018-03-19 13:37:52 +01:00
Mik Vyatskov b2b70701e1 Make advanced audit output version configurable. 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
 2018-02-19 21:15:49 +01:00
hzxuzhonghu 240b9cf032 remove unused rls-ca-file flag 
Kubernetes-commit: 9c0803e14c0d76e2e8225db546c0d2ce0b522ab7
 2018-03-20 15:26:31 +08:00
hzxuzhonghu 422369e23b move EtcdServersOverrides to EtcdOptions flags validate 
Kubernetes-commit: f380ac8cec8061bf6533ccecd02ec49d9a5b016f
 2018-03-05 11:32:59 +08:00