kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,031 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

78 Commits

Author SHA1 Message Date
RainbowMango 5f565617cd Add metrics of authentication overall latency. 
Add alpha tags to authentication_attempts explicitly.

Kubernetes-commit: 0c0d69e8be69fd2e1c62a292ed44be6c0d4158fc
 2019-09-04 20:50:24 +08:00
Jordan Liggitt d1d66bda16 Propagate context to Authorize() calls 
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
 2019-09-24 10:06:32 -04:00
Ted Yu a64485969d Verify the response audience matches one of apiAuds 
Kubernetes-commit: d66d0472057dc59dff5ac686aea4304e5fe2eded
 2019-09-13 06:41:23 -07:00
RainbowMango a9e8b3830d Add authentication metrics: overall failure and error count 
Kubernetes-commit: a7ac3b9bbe3f3e35117bd7109997e58ce467f0a9
 2019-08-16 19:30:43 +08:00
David Eads ad3b19aeee add cache-control headers to kube-apiserver 
Kubernetes-commit: f589c1213c8ba4fa0e31c523b2e9dcc27298084f
 2019-08-26 09:39:29 -04:00
Han Kang 3e6e1db500 add some documentation around the metrics stability migration changes for clarity 
Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5
 2019-08-26 19:15:30 -07:00
Han Kang b9084e350a migrate kube-apiserver metrics to stability framework 
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
 2019-08-22 15:38:42 -07:00
Jordan Liggitt fd78427347 Populate API version in synthetic authorization requests 
Kubernetes-commit: 2899abb65cf459d6ab1d61f24fe82555f87a306f
 2019-07-10 21:29:25 -04:00
Clayton Coleman e4e8608ba0 Use CodecFactory.WithoutConversion() everywhere 
Clarifies that requesting no conversion is part of the codec factory, and
future refactors will make the codec factory less opionated about conversion.

Kubernetes-commit: 7f9dfe58f4cbe1e1b9e80f52addff70bac87bed4
 2019-04-03 13:24:37 -04:00
Justin SB bf98046128 Remove executable file permission from OWNERS files 
Kubernetes-commit: dd19b923b7c26420af39fcf4eedfa213b236c8d3
 2019-01-03 12:18:20 -05:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure 
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
 2018-07-03 14:40:55 +02:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Mike Danese 1692373df9 move audience context functions to authenticator package 
Kubernetes-commit: 817cf70191b73d1ee9f4e7af83089e5854e5131d
 2018-10-31 14:50:11 -07:00
Samuel Davidson d8ee4bc0cb Revert "limit forbidden error to details of what was forbidden" 
This reverts commit ecbd0137957b4afd4cdd94c0209998228fd70e99.

Kubernetes-commit: 294e02ed4b341fe9497cdfadb93cf19f1e64243f
 2018-10-26 15:58:09 -07:00
Ibrahim AshShohail 47845b88c3 Update usages of http.ResponseWriter.WriteHeader to use http.Error 
Signed-off-by: Ibrahim AshShohail <me@ibrasho.com>

Kubernetes-commit: 2fb3ba71f196031e9b36095d64c921cacc54f44e
 2018-10-08 22:20:52 +03:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface. 
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
 2018-10-15 15:17:36 -07:00
xichengliudui 21f232e065 Remove duplicate words 
Kubernetes-commit: e39448237370df37d2f77bf98cf951a19b1e5b6c
 2018-10-15 15:55:49 -04:00
Mike Danese 37ab80320b tokenreview: add APIAudiences config to generic API server and augment context 
Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde
 2018-10-09 22:04:52 -07:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Jordan Liggitt 3dc9519ac3 limit forbidden error to details of what was forbidden 
Kubernetes-commit: ecbd0137957b4afd4cdd94c0209998228fd70e99
 2018-08-20 15:36:39 -04:00
Jake Sanders 41bff9cd5e Escape illegal characters in remote extra keys 
Signed-off-by: Jake Sanders <jsand@google.com>

Kubernetes-commit: f35e3d07c9898f8ec156209a868fa4451eb9afe2
 2018-07-03 21:19:15 -07:00
Mike Danese cd0258b4d7 replace request.Context with context.Context 
Kubernetes-commit: 54fd2aaefd11e12a3ecb6d1a1326f04cdc8ea1a3
 2018-04-24 08:10:34 -07:00
Jordan Liggitt 25758bf0f8 Remove request context mapper 
Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e
 2018-04-18 11:12:15 -04:00
Cao Shufeng e8101c4ca7 Log rbac info into advanced audit event 
Kubernetes-commit: e87c2c9f27f7f9756a8b664d118d357b166bbd14
 2018-01-22 15:19:15 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Wang Guoliang 32fe314a1e fix some syntax related errors 
Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d
 2018-02-11 19:50:49 +08:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
WanLinghao 2eee1977e7 modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go 
Kubernetes-commit: 983435bdcec2aa130243108820c5c928ed2f8bf3
 2018-01-31 14:21:42 +08:00
Cao Shufeng 2a2505e824 remove duplicated import 
Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3
 2018-01-11 19:15:11 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Cao Shufeng f7e881914a support micro time for advanced audit 
Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d
 2017-09-25 11:56:30 +08:00
Maciej Szulik 6959d4a79a Fill in creationtimestamp in audit events 
Kubernetes-commit: 3dd3e7aa5243228b49211f4bb40022a719cc57ac
 2017-09-09 21:44:33 +00:00
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature 
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
 2017-09-09 21:44:30 +00:00
Cao Shufeng 4905dd9b0c Provide a way to omit Event stages in audit policy 
Updates https://github.com/kubernetes/kubernetes/issues/48561
This provide a way to omit some stages for each audit policy rule.

For example:
  apiVersion: audit.k8s.io/v1beta1
  kind: Policy
  - level: Metadata
    resources:
       - group: "rbac.authorization.k8s.io"
         resources: ["roles"]
    omitStages:
      - "RequestReceived"

RequestReceived stage will not be emitted to audit backends with
previous config.

Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
 2017-09-04 14:03:48 +00:00
David Eads 9f885389e9 make url parsing in apiserver configurable 
Kubernetes-commit: ccc7c9bdfa80caee93953a96dec0d689d93f08e5
 2017-09-04 14:03:48 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Cao Shufeng d781318aca audit real impersonated user info 
Log the newest impersonated user info in the second audit event. This
will help users to debug rbac problems.

Kubernetes-commit: 1c3dc52531b7761921c8855cafc58b669da111f1
 2017-09-03 14:04:13 +00:00
Maciej Szulik 677d724b3a Allow audit to log authorization failures 
Kubernetes-commit: 9fef244d4ccce0ea8daf37ab86a7af4892d000cf
 2017-09-03 14:04:12 +00:00
Cao Shufeng 9ab155429e Split APIVersion into APIGroup and APIVersion in audit events 
audit.Event.ObjectRef.APIVersion currently holds both the the API group and
version, separated by a /. This change break these out into separate fields.

This is part of:
https://github.com/kubernetes/kubernetes/issues/48561

Kubernetes-commit: c57eebfe2f8d36361d510f0afd926777a44cccd2
 2017-09-01 16:38:54 +00:00
Cao Shufeng 81eb3429e7 remove useless argument "name" 
Kubernetes-commit: 2e97611bc62b88c48777d6209a0ed28d17d0e52d
 2017-08-29 13:16:16 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Cao Shufeng 4ace90bfb4 Return Audit-Id http header for trouble shooting 
Kubernetes-commit: 4a1e7ddaa6e0d2e92ce27d9846cfc8407e1fcb60
 2017-08-29 13:14:38 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00