kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,971 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

68 Commits

Author SHA1 Message Date
Tim Hockin b304fee293 Clarify a few validation messages 
Kubernetes-commit: 6d4241fe5dc7341e3207b8ab96513ab1ddeae8a2
 2022-08-12 12:33:41 -07:00
Monis Khan 25ccbfa75c Use https links for k8s KEPs, issues, PRs, etc 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b738be9b46a899571303c8c887e32bf4d5b71a0a
 2022-09-23 16:13:22 -04:00
Sally O'Malley 4f9e133507 kubelet tracing 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: David Ashpole <dashpole@google.com>

Kubernetes-commit: 47e7d8034ff3be8e198dde6a671d05a11c30e333
 2021-10-10 09:17:27 -04:00
Davanum Srinivas 7e94033a61 Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
 2022-07-19 20:54:13 -04:00
Jordan Liggitt 5f8feb467c Tolerate additional error messages in TLS unit tests 
Kubernetes-commit: cff4eeef9f1880b42b8c3d3b8f3a27a89540dbe0
 2022-03-29 08:57:31 -04:00
Stanislav Laznicka cd3019f777 webhooks, aggregation: add metrics to count certs with SHA1 signatures 
Extends the certificate attribute deprecation RoundTrippers wrapper with
a checker that counts certificates with sha-1 signatures in server responses.

Non-root non-self-signed SHA-1 certificate signatures were deprecated in
Golang 1.18.

Kubernetes-commit: 499ee65a9b0cd45d41716b513fae0d537f7f9c88
 2022-03-24 01:08:02 -04:00
Stanislav Laznicka a0f7d7ad7c webhooks: regenerate certificates for additional sha-1 signatures 
Kubernetes-commit: b2c6de170b0b880ccca0ae783bae09559f8dff04
 2022-03-25 16:52:40 +01:00
Stanislav Laznicka d98bb60d70 webhooks: gencerts.sh: add intermediate and server certs with sha-1 signatures 
Kubernetes-commit: fee08cc580e5147d11f3f12a37452f8a86cee3b8
 2022-03-25 16:52:07 +01:00
Monis Khan 2d35015235 webhook: use rest.Config instead of kubeconfig file as input 
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: fef7d0ef1e1fbff65e8d445256036704bb9dbcbd
 2021-07-23 11:15:47 -04:00
Jordan Liggitt bbc4211158 Update unit tests to handle go1.17 certificate parsing error messages 
Kubernetes-commit: 0e925f266f78d72ed05a5a2fe48faa5e2a87d107
 2021-08-17 11:24:03 -04:00
Ryan Moriarty 0741f109f6 Add a new webhook metric tracking request totals. 
Also add a 1.0s bucket boundary to the webhook latency metric.

Kubernetes-commit: 8ed1628a6e75f4029853502dbac44fdb0edac5fc
 2021-06-22 22:32:47 +00:00
David Ashpole 785c5626f9 add tracing to webhook requests 
Kubernetes-commit: 9dd59017c4c218135b12949a2bd3af07e892199a
 2021-07-08 20:13:33 -07:00
Davanum Srinivas fe1610f3fe switch from golang-lru to the one in k8s.io/utils 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0
 2021-07-07 13:45:07 -04:00
Monis Khan 5289a15a1a client-go transport: assert that final CA data is valid 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 440ea3ef49e0ac77353ceeaebc2aad6c995d5b35
 2021-05-03 10:11:54 -04:00
Stanislav Laznicka 7eb7056b38 webhooks,aggregation: add metrics to count certs missing SAN 
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.

Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
 2020-10-06 13:02:52 +02:00
Abu Kashem 3ba02b7f93 handle webhook authenticator and authorizer error 
webhook.WithExponentialBackoff returns an error, and the priority is:
- A: if the last invocation of the webhook function returned an error
  that error should be returned, otherwise
- B: the error associated with the context if it has been canceled or
  it has expired, or the ErrWaitTimeout returned by the wait package
  once all retries have been exhausted.

caller should check the error returned by webhook.WithExponentialBackoff
to handle both A and B. Currently, we only handle A.

Kubernetes-commit: ae2b353fbf519b29d168c534f88c373fd67a1c31
 2021-01-07 16:14:18 -05:00
Ken Sipe 0da065589a fix S1023 redundant return statement 
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 1d795002919675b8cf3bf462b6543fef843b5b54
 2020-06-25 17:29:42 -05:00
Abu Kashem 5254108841 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.

Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
 2020-10-30 11:25:32 -04:00
Abu Kashem 67f1bb6022 Webhook: handle error when calling wait.ExponentialBackoff 
- Inside WithExponentialBackoff function, handle error returned
by wait.ExponentialBackoff.
- Ensure that the wait time is bound to the given context.

Kubernetes-commit: f8e35de156f212b6989b465e608dd99b525bd5dc
 2020-10-26 11:37:11 -04:00
Andrew Sy Kim 6746ccadda apiserver: support egress selection name 'controlplane' and deprecate 'master' 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: a0aebf96ec2eef6517e2611335f0e6c9375dd807
 2020-10-26 10:24:16 -04:00
Gaurav Singh 43ce4f9092 Remove double import of k8s.io/apimachinery/pkg/util/net 
Kubernetes-commit: 29ceb8d5f2fc48d1fe4974110b7f60579668c00e
 2020-04-08 16:25:23 -04:00
Jefftree 13613a1c15 Address comment and remove if condition 
Kubernetes-commit: 61fa4e6c098559b65fe28c1bf55cb817697e38e5
 2020-02-27 17:18:57 -08:00
Jefftree f1c9537c7b pass Dialer instead of egressselector to webhooks 
Kubernetes-commit: 1b38199ea8b220be0b645af8a4cbdef4c87ce7fc
 2019-12-05 17:28:59 -08:00
Jefftree aa55f94611 authentication webhook via network proxy 
Kubernetes-commit: d318e52ffe0ba156a96cb5507026de6827d543ca
 2019-12-03 15:20:49 -08:00
Mike Danese 5737088b7f refactor 
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
 2020-01-27 18:19:44 -08:00
Jefftree 16fa20a151 network proxy with admission wh 
Kubernetes-commit: 1289bdaba41848c0d19892cc749798e540b56e8a
 2019-11-12 17:35:45 -08:00
Jordan Liggitt 8c0dc1fdf9 Ensure webhook backend requests are not artificially rate-limited 
Kubernetes-commit: d620493b7430c0f59d7393c3de8451d6a686c0c1
 2019-12-02 11:39:16 -05:00
shturec b054ff44ee custom retry strategy in GenericWebhook 
Kubernetes-commit: 4877b0b7b50bdc3eaaadd3f968fd846c1396b708
 2019-09-27 13:04:10 +03:00
Jordan Liggitt 0ca78287c0 Propagate context to ExponentialBackoff 
Kubernetes-commit: 4c686ddc1c5f9bc5c28d711dd56551b1ac003faa
 2019-09-24 09:43:04 -04:00
Jordan Liggitt 80b9dc503b Plumb service port, URL port to webhook client auth resolution 
Kubernetes-commit: d127042cb81cbf545332ec3124161525ef84183c
 2019-09-02 22:38:36 -04:00
Jordan Liggitt 2de636a948 Search client auth with and without port 
Kubernetes-commit: 2f5dde7672eaf90c7086f86a5a4ee190559f3bb2
 2019-09-02 22:38:55 -04:00
Jordan Liggitt 956977bd20 Use http/1.1 in apiserver->webhook clients 
Kubernetes-commit: ddc697866afd1e58cd2ee504277b405052546202
 2019-08-28 13:37:50 -04:00
Haowei Cai 8d86fef522 wire up the webhook rejection metrics in webhook handlers 
Kubernetes-commit: 620f5f2c587971be50cb27bb2a2d35209b3dc058
 2019-08-28 17:32:07 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Odin Ugedal 1be6195f27 Fix file permissions for non executable files 
Normal files should have permissions 644 by default,
and does not require the last bit to be
executable

Signed-off-by: Odin Ugedal <odin@ugedal.com>

Kubernetes-commit: 35cb87f9cf71776e99a970dfff751cd29ba7ebfb
 2019-06-14 21:04:39 +02:00
Mike Danese da64b0b811 BoundServiceAccountTokenVolume: fix InClusterConfig 
Kubernetes-commit: 4198f28855cbda6dac61408fcba6f2d576a9347c
 2019-05-14 09:29:16 -07:00
Mike Danese 84cf7582e3 webhook: support exec auth plugin 
This allows webhook static kubeconfig to use an exec auth plugin to
configure authentication.

https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers

Kubernetes-commit: 8b45296661de1f12f441736ae44895ac30f320d4
 2019-04-22 19:25:11 -07:00
Mehdy Bohlool 6c13576bf2 Add port to ServiceResolvers 
Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1
 2019-03-01 16:32:50 -08:00
Mehdy Bohlool f06a9dc218 Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator 
Kubernetes-commit: 404e2f7a30626f02b55180bccf6a5f16bcbbfa82
 2019-03-01 14:35:42 -08:00
danielqsj 8f8d23605e fix shellcheck in k8s.io/apiserver 
Kubernetes-commit: 481c2d8e03508dba2c28aeb4bba48ce48904183b
 2019-01-24 13:55:09 +08:00
Jordan Liggitt f3ce4369fb Plumb token and token file through rest.Config 
Kubernetes-commit: dba85e58debadfcb66aff2b68ba8bcc2eafeac2d
 2018-12-04 11:24:29 -05:00
Patrick Barker 8c2cdbce6d refactors kubeapiserver webhook utility to be generic 
Kubernetes-commit: 1081fffdd5f6f523a5de0fd30e85b7208220dcb9
 2018-11-01 15:22:58 -06:00
Mehdy Bohlool 154485c3be Refactor webhookclientConfig validation of admission and audit registration 
Kubernetes-commit: 1587d189cbf27b3c2470cf1fe56e50afbde412b6
 2018-10-30 11:57:29 -07:00
Patrick Barker 53adc37659 updates shared apiserver webhook client 
Kubernetes-commit: 5874a1f8faab92aacc5503aa6dbf1c6a724f832f
 2018-10-21 10:03:28 -05:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Mehdy Bohlool 21f6e2bcdd Refactor addmission webhook hook client to a util package 
Kubernetes-commit: 5652d5cffadcd8a2f107b6aecf5fc06c0fc473f1
 2018-08-26 23:20:23 +10:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
Matthias Bertschy 0203b2aa93 Update all script to use /usr/bin/env bash in shebang 
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
 2018-04-16 18:31:44 +02:00
David Eads bf8532c54e remove KUBE_API_VERSIONS 
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
 2018-04-25 16:07:15 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration 
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
 2018-04-24 08:21:23 -04:00