kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,567 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

31 Commits

Author SHA1 Message Date
Lukasz Szaszkiewicz 513afab811 expose RunOnce method on RequestHeaderAuthRequest controller 
Kubernetes-commit: f3a7f057c423caf77b0c5315d7728727c4b35bde
 2020-04-28 15:35:17 +02:00
Lukasz Szaszkiewicz 07cdc792bb provides DynamicRequestHeaderController that combines DynamicCAFromConfigMapController and RequestHeaderAuthRequestController into one controller 
the unified controller will dynamically fill RequestHeaderConfig struct

Kubernetes-commit: cb4b4cb5a6ffdf1c7f199e644a8b5cac2367d504
 2020-04-28 12:48:21 +02:00
Monis Khan 7fa523535d Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: df292749c9d063b06861d0f4f1741c37b815a2fa
 2020-03-11 14:31:31 -04:00
Vincent C 27ae2b291d replaced tokenaccessreview with tokenreview 
Kubernetes-commit: b410f77d3140ebc19037e6089d0d45980f0c6edf
 2020-02-19 22:41:35 +08:00
Mike Danese 337d7943db generated: run refactor 
Kubernetes-commit: 3aa59f7f3077642592dc8a864fcef8ba98699894
 2020-02-07 18:16:47 -08:00
David Eads 0de0bb0422 dynamic reload cluster authentication info for aggregated API servers 
Kubernetes-commit: 3aede35b3b042e8a626e8fb9e1e181e73cd29d0a
 2019-11-04 13:46:28 -05:00
Jordan Liggitt 086ad4b0b9 Switch kubelet/aggregated API servers to use v1 tokenreviews 
Kubernetes-commit: 5ef4fe959a45e423d2b992e9c21e6e9db4b950c5
 2019-11-04 22:41:32 -05:00
David Eads 84d21cfff4 wire up a means to dynamically reload ca bundles for kube-apiserver 
Kubernetes-commit: 6beb96261e29754f2b7d0e44829eb6d15422cebf
 2019-10-07 14:06:42 -04:00
David Eads 703545a3db add the ability for dynamic header names in delegated authentication 
Kubernetes-commit: 58256346693717fd12f121f0cf74fe1e003edb0f
 2019-10-03 12:56:42 -04:00
David Eads eee025a27a add ability to authenticators for dynamic update of certs 
Kubernetes-commit: 51195dd86012c4c4b17a1707ef50a46fa046f74f
 2019-09-05 09:59:59 -04:00
David Eads 1702e95788 fix typo in warning advice for permissions 
Kubernetes-commit: 1105e4e0d1c0e78e2a203a136e9f8bcaff5c36ab
 2019-01-04 09:58:06 -05:00
Jordan Liggitt 232ebfaeaf Allow kube-scheduler to tolerate cluster auth config lookup failure 
Kubernetes-commit: 416e11421590838f0022242bff1db10da595b074
 2018-12-05 13:51:06 -05:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Solly Ross 41e5031224 Populate ClientCA in delegating auth setup 
kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.

Kubernetes-commit: 65cea86e4413cb5899c3b89bda375bb326de5093
 2018-10-04 12:48:18 -04:00
Dr. Stefan Schimanski 1a58e1c6ad apiserver: make InClusterConfig errs for delegated authn/z non-fatal 
Kubernetes-commit: 04e793e65ad70df5c4ab280c42740864e54163cd
 2018-09-05 09:12:19 +02:00
Dr. Stefan Schimanski c8f47fd79c apiserver: fix misleading delegated authn/z warnings 
Kubernetes-commit: 059fce63b755ef6052db273fd6c91f3090036389
 2018-09-05 09:11:45 +02:00
Dr. Stefan Schimanski c726863192 apiserver: make not-found external-apiserver-authn configmap non-fatal 
Kubernetes-commit: 5d56e791bb932cc297de08db302540684e6f9d4c
 2018-08-24 18:30:58 +02:00
Dr. Stefan Schimanski 16d4968bf9 authn/z: optionally opt-out of mandatory authn/authz kubeconfig 
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
 2018-08-22 11:56:07 +02:00
Dr. Stefan Schimanski cfb1e16b55 apiserver: unify handling of unspecified options in authn+z 
Kubernetes-commit: 0ede948e47d33474a4e30c845d7896c58a319e39
 2018-08-21 16:42:13 +02:00
Tripathi 4e7be504bf Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA 
This commit prevents extension API server from erroring out during bootstrap when the core
API server doesn't support certificate based authentication for it's clients i.e. client-ca isn't
present in extension-apiserver-authentication ConfigMap in kube-system.

This can happen in cluster setups where core API server uses Webhook token authentication.

Fixes: https://github.com/kubernetes/kubernetes/issues/65724

Kubernetes-commit: db828a44406efe09e2db91e6dc88d1292c9a29e1
 2018-07-18 15:07:09 -07:00
Dr. Stefan Schimanski 65f0646df4 apiserver: add context to authn/authz kubeconfig errors 
Kubernetes-commit: 99eda24de01c8b1b84b54cb763b540de35084ade
 2018-06-14 15:30:25 +02:00
Dr. Stefan Schimanski 28595d407b apiserver: add warning about not trusting authz of aggregator 
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
 2018-03-19 13:37:52 +01:00
Dr. Stefan Schimanski 0520d284e2 controller-manager: add authz/n to options, nil by default 
Kubernetes-commit: cecd663c21d139a3a5a15b43a8dda8de26180246
 2018-02-08 14:19:02 +01:00
Dr. Stefan Schimanski 338a852bbb apiserver: make SecureServingOptions and authz/n options re-usable 
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
 2018-01-31 16:17:48 +01:00
Dr. Stefan Schimanski a063c5336d apiserver: avoid panics on nil sub-option structs 
Kubernetes-commit: b153268da79d2acf14e042945959801c3dba8221
 2017-09-09 21:44:32 +00:00
Dr. Stefan Schimanski 8ec769da6b apiserver: allow disabling authz/n via options 
Kubernetes-commit: dffe50f8bd820295f7f1fbc56a6269b6b8c6966b
 2017-09-09 21:44:32 +00:00
deads2k 8aacf17ba5 allow incluster authentication info lookup 
Kubernetes-commit: 3d039f60cf998746a95181cacf5d3d69b83b46b0
 2017-03-18 19:56:09 +00:00
deads2k 7170396682 tweak defaults for recommended apiserver options 
Kubernetes-commit: acba2cbd6d188a34f4c3032c933921ba22a0f77c
 2017-03-18 19:56:08 +00:00
deads2k c2c4ecb2ff create sample-apiserver repo for people to inspect 2017-02-13 07:36:42 -05:00
deads2k 284a95797b apiserver command line options lead to config 2017-02-13 07:36:41 -05:00
deads2k c4b078bb1d move apiserver options 2017-02-02 09:36:48 -05:00