9a6c2541ac
Ensure we log the flag apiserver starts with.
...
Trying to make sure we always log the flags an instance of apiserver
starts with.
This can be especially valuable for emailed logs or e2e/kubemark tests.
Kubernetes-commit: 366459aee84a4de1f0342a464bd479a5d12e6f0f
2017-09-08 10:00:50 -07:00
548cb7f4e2
move specialDefaultResourcePrefixes out of vendor/k8s.io/apiserver
...
Kubernetes-commit: 0084d70b56fb0b262f75f1b837001be04a694fb6
2017-09-07 10:19:30 +08:00
65c833f23a
Fix apiserver help message
...
Kubernetes-commit: acad74670dd1167ea0e90b2eeef6946d3871bdbf
2017-09-04 17:22:25 +08:00
7b23343a61
conversion-gen: make staging dirs independent of living in vendor/
...
Kubernetes-commit: f5451127512e42294564efae97d4cb669df54f49
2017-09-22 11:42:06 +00:00
d7e7a0ab18
Update the test under audit policy
...
Kubernetes-commit: ea1694eab1a1b251b31ce006cc48594a7eb05add
2017-09-22 11:42:06 +00:00
0f62a50c16
etcd3 store: retry w/live object on conflict
...
In GuaranteedUpdate, if it was called with a suggestion (e.g. via the
watch cache), and the suggested object is stale, perform a live lookup
and then retry the update.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Kubernetes-commit: bf33df16b52508974ddedacd814010cfe0fb79f0
2017-09-22 11:42:06 +00:00
8fc21589fe
Increase sliding window to 5hr for request_latencies metric
...
Kubernetes-commit: e1ba3da16c9bebccb3902952d56b59f2e2dbb900
2017-09-22 11:42:05 +00:00
24ccf40372
Add extra steps to delete resource handler trace
...
Kubernetes-commit: 6089cadab3d136455b1b4376d819464fb0d2379a
2017-09-22 11:42:05 +00:00
7d0b0b91fc
Report "resource" scope where possible
...
Also rename the variables to match the concept
Kubernetes-commit: c13a3c03201c9082c4b373b7af8b99d7effd5a62
2017-09-22 11:42:04 +00:00
7727b5a3a8
Report scope on all apiserver metrics
...
Counting list of namespaces is != list across all namespaces (same for
latency)
Kubernetes-commit: 545aba778d5d039a3b8a0f0939fdf8f8261ae1a8
2017-09-22 11:42:04 +00:00
4c578f11a1
Normalize WATCHLIST to WATCH in metrics
...
This causes confusion and doesn't match what we authorize on
Kubernetes-commit: 5e46d5b5450f7e7db87e860440f1bb1f8f523ffa
2017-09-22 11:42:04 +00:00
644d9a8cf1
Allow watch cache to be disabled per type
...
Currently setting watch cache size for a given resource does not disable
the watch cache. This commit adds a new `default-watch-cache-size` flag
to map to the existing field, and refactors how watch cache sizes are
calculated to bring all of the code into one place. It also adds debug
logging to startup to allow us to verify watch cache enablement in
production.
Kubernetes-commit: fc2d201e155296f311ae0a9278b00dcae2d68708
2017-09-09 21:44:33 +00:00
6959d4a79a
Fill in creationtimestamp in audit events
...
Kubernetes-commit: 3dd3e7aa5243228b49211f4bb40022a719cc57ac
2017-09-09 21:44:33 +00:00
221a6a181e
A policy with 0 rules should return an error
...
Kubernetes-commit: 0ad4282fd0b31e1d12b711696efb134bdc2f83cc
2017-09-09 21:44:32 +00:00
9f41d17af2
Update bazel
...
Kubernetes-commit: fbd310dbc7312fcae4267dd64326a1e7b4a0a8ae
2017-09-09 21:44:32 +00:00
a063c5336d
apiserver: avoid panics on nil sub-option structs
...
Kubernetes-commit: b153268da79d2acf14e042945959801c3dba8221
2017-09-09 21:44:32 +00:00
97e22b00fa
apiserver: split core API creation from secure serving
...
Kubernetes-commit: 2b64d3a0fd2ccdad4b2f21acb484a36e04381856
2017-09-09 21:44:32 +00:00
75cf96f31e
apiserver: stratify versioned informer construction
...
Kubernetes-commit: ca3f7453464f6866a3bf467c8b9d8e132484cfb4
2017-09-09 21:44:32 +00:00
8ec769da6b
apiserver: allow disabling authz/n via options
...
Kubernetes-commit: dffe50f8bd820295f7f1fbc56a6269b6b8c6966b
2017-09-09 21:44:32 +00:00
e4b1b0656b
apiserver: make config completion structural recursion
...
Kubernetes-commit: 1bcea54104cb7f53e58924dd5413cf4ba7ceb587
2017-09-09 21:44:32 +00:00
d2f7a0c820
Log a warning when --audit-policy-file not passed to apiserver
...
Kubernetes-commit: 3b91f1cc0d32278a9baf2a4b9b4e416cbfb2457f
2017-09-09 21:44:31 +00:00
e69ddb7b01
fix format of forbidden messages
...
Kubernetes-commit: 95738d5a0eeb179325858e52ff83ff86de6fce0b
2017-09-09 21:44:31 +00:00
702960b762
Provide field info in storage configuration
...
Kubernetes-commit: 1fde2698ec152901856062eb89cc5d2742925ce2
2017-09-09 21:44:30 +00:00
5d22e67a97
enhance unit tests of advance audit feature
...
This change does three things:
1. use auditinternal for unit test in filter stage
2. add a seperate unit test for Audit-ID http header
3. add unit test for audit log backend
Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
2017-09-09 21:44:30 +00:00
0c7ac2906f
set AdvancedAuditing feature gate to true by default
...
Kubernetes-commit: 1388426898f46de5e8730c3f71ce3ccaf50337b8
2017-09-09 21:44:30 +00:00
26f73b45d4
fix docstring of advanced audit policy
...
Kubernetes-commit: 22f4c1ad4db102d66ec829a64ab601919f2019f5
2017-09-05 14:03:27 +00:00
433a5a01a7
audit: fix fuzzer
...
Kubernetes-commit: 58dd0879a754baff151913184ab5e1cd924fb19d
2017-09-05 14:03:26 +00:00
3827624a56
generated: update API resources
...
./hack/update-codegen.sh
./hack/update-generated-protobuf.sh
Kubernetes-commit: b50acbdf0152f59e5fd6b065560aed4f85717a7a
2017-09-04 14:03:48 +00:00
4905dd9b0c
Provide a way to omit Event stages in audit policy
...
Updates https://github.com/kubernetes/kubernetes/issues/48561
This provide a way to omit some stages for each audit policy rule.
For example:
apiVersion: audit.k8s.io/v1beta1
kind: Policy
- level: Metadata
resources:
- group: "rbac.authorization.k8s.io"
resources: ["roles"]
omitStages:
- "RequestReceived"
RequestReceived stage will not be emitted to audit backends with
previous config.
Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
2017-09-04 14:03:48 +00:00
9f885389e9
make url parsing in apiserver configurable
...
Kubernetes-commit: ccc7c9bdfa80caee93953a96dec0d689d93f08e5
2017-09-04 14:03:48 +00:00
92f836da87
update generated protobuf for audit v1beta1 api
...
Kubernetes-commit: ea519bc06020d2b2a68fa46a3f57c9d66827659d
2017-09-04 14:03:47 +00:00
eaf131e1fc
Provide whole delegate chain to kube aggregator
...
Kubernetes-commit: 7cbdb90890ac89ec15be2b21b5cbdc51e94e42d6
2017-09-04 14:03:46 +00:00
3c2866020c
Switch audit output to v1beta1
...
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
2017-09-03 14:04:14 +00:00
56e7f5b9c2
expose discovery information on scalable resources
...
Kubernetes-commit: 65d0f188f68f6428ccc0a776adff496d972faa56
2017-09-03 14:04:14 +00:00
d781318aca
audit real impersonated user info
...
Log the newest impersonated user info in the second audit event. This
will help users to debug rbac problems.
Kubernetes-commit: 1c3dc52531b7761921c8855cafc58b669da111f1
2017-09-03 14:04:13 +00:00
6a1592b4e4
update initializer names to valid ones in tests
...
Kubernetes-commit: 85ee09e4c901e9fcf725bb4797ea2b3c278ee96c
2017-09-03 14:04:13 +00:00
460257fd61
Server side implementation of paging for etcd3
...
Add a feature gate in the apiserver to control whether paging can be
used. Add controls to the storage factory that allow it to be disabled
per resource. Use a JSON encoded continuation token that can be
versioned. Create a 410 error if the continuation token is expired.
Adds GetContinue() to ListMeta.
Kubernetes-commit: 8952a0cb722b77459cf2701632a30f5b264f5aba
2017-09-03 14:04:12 +00:00
677d724b3a
Allow audit to log authorization failures
...
Kubernetes-commit: 9fef244d4ccce0ea8daf37ab86a7af4892d000cf
2017-09-03 14:04:12 +00:00
c5c5445b49
basic logging for healthz installer
...
- InstallHandler is the public interface through which all interaction
occurs.
- It is good to know whether the default ping is occurring to know due
to manual installation or automatic installation.
- It is good to know how many handlers are installed to see whether
code changes are taking effect.
- It is good to know the names of the handlers that are installed to
make sure that a handler a user thinks is installed is being
installed at runtime.
- Print all the checkers once
Kubernetes-commit: efa66227d4fbcfad9fec21755b898f5d10d3344c
2017-09-03 14:04:11 +00:00
b4c851a534
generated
...
Kubernetes-commit: ed8adf6e51d76b3652be3b433b2dab590f1ff1f0
2017-09-03 14:04:11 +00:00
a50d8a0b4f
add selfsubjectrulesreview api
...
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
2017-09-03 14:04:10 +00:00
626d406dd0
run hack/update-codecgen.sh and hack/update-bazel.sh
...
Kubernetes-commit: f94ca49e6307a7a668a7f5eb037891ac2045e167
2017-09-01 16:38:54 +00:00
9ab155429e
Split APIVersion into APIGroup and APIVersion in audit events
...
audit.Event.ObjectRef.APIVersion currently holds both the the API group and
version, separated by a /. This change break these out into separate fields.
This is part of:
https://github.com/kubernetes/kubernetes/issues/48561
Kubernetes-commit: c57eebfe2f8d36361d510f0afd926777a44cccd2
2017-09-01 16:38:54 +00:00
39fbd1db4a
Remove generated JSON code
...
Kubernetes-commit: 9e2fccd1de5384a6ecadf54849f612a10ecfe93a
2017-09-01 16:38:01 +00:00
b4c852ede3
generated: update API resources
...
./hack/update-codegen.sh
./hack/update-codecgen.sh
./hack/update-generated-protobuf.sh
Kubernetes-commit: 9caff69027e09f4617f06f30a6359072503ecc47
2017-09-01 16:38:01 +00:00
1fa829c7c8
Audit policy v1beta1 now supports matching subresources and resource names.
...
policy:
- level: Metadata
resources:
- group: ""
resources ["pods/logs"]
- level: None
resources:
- group: ""
resources: ["configmaps"]
resourceNames: ["controller-leader"]
The top level resource no longer matches the subresource. For example "pods"
no longer matches requests to the logs subresource on pods.
```release-note
Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources.
```
Kubernetes-commit: 85491f1578b9b97751a332d3b957d874cecf27b3
2017-09-01 16:38:01 +00:00
22f326be0a
make api request verb can be overrided and make "GET" pod log request reported as "CONNECT" pod log request for metrics
...
Kubernetes-commit: e49315f2db93f5fb2333794ad8064ab7a44053d7
2017-09-01 16:37:09 +00:00
605d377a4e
Make feature gate threadsafe
...
Kubernetes-commit: d3546434b7252167b851a40a339d8ed2049ee5e5
2017-09-01 16:37:08 +00:00
3669fc6851
Add feature gate for CustomResourceValidation
...
update feature gates for generic apiserver
Add apiextensions-apiserver features to golint_failures
Ignore alpha feature if gate is disabled
Kubernetes-commit: 6ba1523a8e36c3121a9e08bfac7b4f342bb8ccb3
2017-09-01 16:37:08 +00:00
b9e05868ba
Unify cloudprovided and normal KMS plugins
...
Kubernetes-commit: 6a4afc897c2ed4fb80f1b6121a06f86bc8095cd8
2017-09-01 16:37:07 +00:00
ce838cffe4
modifying the comment of BeforeDelete function to improve readibility
...
Kubernetes-commit: 4ce3b6cf4f8486e4335d05d7f573ad1859c14ce8
2017-09-01 16:37:07 +00:00
8494697027
Feature gate initializers field
...
Kubernetes-commit: 658956f0631c6bd3ecf9f756db4a0710efea98ea
2017-08-29 13:18:50 +00:00
e1e8bebf50
Add --request-timeout to allow the global request timeout of 60 seconds to be configured.
...
Kubernetes-commit: cb764756c6f152bfb866b161315369bc47ebf13c
2017-08-29 13:18:50 +00:00
892932fb62
Fix forbidden message format
...
Before this change:
# kubectl get pods --as=tom
Error from server (Forbidden): pods "" is forbidden: User "tom" cannot list pods in the namespace "default".
After this change:
# kubectl get pods --as=tom
Error from server (Forbidden): pods is forbidden: User "tom" cannot list pods in the namespace "default".
Kubernetes-commit: ab0918673728fc50fc539017c86bbc03fceb0adc
2017-08-29 13:18:50 +00:00
064c57bb9b
Generated files
...
Kubernetes-commit: c7defb806fc6c69deb4ab57655c3fa323ba8bebd
2017-08-29 13:18:49 +00:00
b274c2ad9a
Fix benchmarks to really test reverse order of the keys.
...
Kubernetes-commit: 734be0c49f3d283ec086c9aef2dc63142b481c19
2017-08-29 13:18:49 +00:00
e74487ab1a
set --audit-log-format default to json
...
Updates: https://github.com/kubernetes/kubernetes/issues/48561
Kubernetes-commit: 130f5d10adf13492f3435ab85a50d357a6831f6e
2017-08-29 13:18:49 +00:00
49516f112c
Remove deprecated flag "long-running-request-regexp".
...
Kubernetes-commit: 72f4ab70e28a945ce25d40524696d0a486f8969e
2017-08-29 13:18:48 +00:00
d6c8c768c4
Make generic metadata conform to documented name column convention
...
Kubernetes-commit: e5857b1ec02514f06b82bf5833fcb87645732883
2017-08-29 13:18:48 +00:00
e027d67a5f
Verify TableConversion behavior in resttest
...
Kubernetes-commit: 0b0235b48497c07cc6c8286167978b599d69b690
2017-08-29 13:18:48 +00:00
b824ea82d1
Clarify finalizer function
...
Kubernetes-commit: c845c444d52b81689e4555aec0e8175f687b6a44
2017-08-29 13:18:47 +00:00
38a9bfc72a
Enable finalizers independent of GC enablement
...
Decouple finalizer processing from garbage collection configuration.
Finalizers should be effective even when garbage collection is disabled
for a given store.
Fixes https://github.com/kubernetes/kubernetes/issues/50528 .
Kubernetes-commit: ed5b5bb94e7c75f22a7fc302e47dade6c0d1662d
2017-08-29 13:18:47 +00:00
91f15f8472
Add an OrDie version for AddPostStartHook
...
Simplifies usage and consolidate the error message so it is always
the same everywhere.
Signed-off-by: Simo Sorce <simo@redhat.com>
Kubernetes-commit: 15c54ffa7750c3037f464933c2b678a9a94cea82
2017-08-29 13:18:47 +00:00
d7bd79fee1
[advanced audit api] fuzz Event with random value
...
This is an error import by me:
https://github.com/kubernetes/kubernetes/pull/49115
We need to fuzz other parts of Event with random value, otherwise
this round trip test will not make too much sense.
@sttts @ericchiang
Kubernetes-commit: f2ec610455f3756afebfcbd99c108abc86a5015d
2017-08-29 13:17:13 +00:00
0a67bd6be4
Make metav1.(Micro)?Time functions take pointers
...
Kubernetes-commit: 0504cfbc2556155c31e5db43673d6b903c64dfa2
2017-08-29 13:16:16 +00:00
504f70acec
Add enj as reviewer to OWNERS
...
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: dd06794bc20ef1e0889af576c7a4f7a2f607e49d
2017-08-29 13:16:16 +00:00
81eb3429e7
remove useless argument "name"
...
Kubernetes-commit: 2e97611bc62b88c48777d6209a0ed28d17d0e52d
2017-08-29 13:16:16 +00:00
e89debc597
fix typo
...
Kubernetes-commit: 2ad04cb46dfa84fbd3b169f555ee0ed71b277428
2017-08-29 13:16:15 +00:00
768926168b
fix incorrect logic
...
Kubernetes-commit: d4b41afe59736e63c0f5388256324c2583d7a659
2017-08-29 13:16:14 +00:00
68a92a4526
Add metric for remaining life of authenticating certificates
...
When incoming requests to the API server are authenticated by a
certificate, the expiration of the certificate can affect the validity
of the authentication. With auto rotation of certificates, which is
starting with kubelet certificates, the goal is to use shorter lifetimes
and let the kubelet renew the certificate as desired. Monitoring
certificates which are approaching expiration and not renewing would be
an early warning sign that nodes are about to stop participating in the
cluster.
Kubernetes-commit: 49a19c6011e05363a8baf8e99c917d11a9496568
2017-08-29 13:16:14 +00:00
24a3b34c79
audit: disable new v1beta1 types until incompatible changes are done
...
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
2017-08-29 13:16:13 +00:00
24b54db39e
run hack/update-all.sh
...
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
2017-08-29 13:16:13 +00:00
3468d049a7
upgrade advanced audit to v1beta1
...
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
2017-08-29 13:16:13 +00:00
1e4465a8e7
apiserver: simplify deepcopy calls
...
Kubernetes-commit: b2442224e79f480409806c2ccfa24a9acb708162
2017-08-29 13:16:13 +00:00
04aa1e08ec
Implement batching audit webhook graceful shutdown
...
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
2017-08-29 13:16:12 +00:00
9edc635fcc
FeatureGate: update comments
...
Kubernetes-commit: fea5a8bc8a7ef2f956d2b11cb54248ec9545ef15
2017-08-29 13:16:12 +00:00
86ef841256
apiservers: add synchronous shutdown mechanism on SIGTERM+INT
...
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
2017-08-29 13:16:11 +00:00
7313c11a9e
add validation for fed-apiserver
...
Kubernetes-commit: f2ea31fd925f764f8c684710d9cd345663e88d17
2017-08-29 13:16:11 +00:00
2384086d1e
apimachinery: remove misleading NewDefaultRESTMapper
...
Kubernetes-commit: 87c9f89cb15b2a64271dbdd292e2ce4abe7ab84a
2017-08-29 13:16:11 +00:00
2c8f1ce1d5
apimachinery: remove pre-apigroups import prefix logic
...
Kubernetes-commit: 8728576236698083f619c4fab06943b174f3fc61
2017-08-29 13:16:10 +00:00
be8f046a0c
Add union token authenticator
...
Kubernetes-commit: 4fd8196cf56aa7884f5a385017b2be651a259e59
2017-08-29 13:15:24 +00:00
80d2e2dae5
Add token cache component
...
Kubernetes-commit: 1670ba58d5425caecbde8871b07521e9e5888f78
2017-08-29 13:15:24 +00:00
dcfd8acc4d
Add token group adder component
...
Kubernetes-commit: 15d8509a711efa062a1357cf1cfb398ec6e91023
2017-08-29 13:15:24 +00:00
6c539a43c6
Use buildozer to delete licenses() rules except under third_party/
...
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
6caa2933ae
Use buildozer to remove deprecated automanaged tags
...
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
f8c99c82f6
Autogenerate BUILD files
...
Kubernetes-commit: cf55f9ed45e6df2431d47cfc5b9c9b30758527f1
2017-08-29 13:15:23 +00:00
31be6bf988
validate kube-apiserver options
...
Kubernetes-commit: de406f83cfafc4033a935821a05cd8d8e5f50099
2017-08-29 13:15:23 +00:00
5cfd8381c1
add some checks for fedration-apiserver options
...
Kubernetes-commit: 172ab88ce848d2c2e6c344535d3011d4ac558a37
2017-08-29 13:15:23 +00:00
f2bea1dce9
Fix unused Secret export logic.
...
The strategy used for the secret store defined custom export logic, and
had accompanying unit tests. However the secret storage did not actually
wire this up by setting an ExportStrategy and thus the code was never
used in the real world.
This change fixes the missing assignment and adds testing at a higher
level to ensure any uses of the generic registry.Store that we expect to
have an ExportStrategy do, and no others.
Several other strategies in the RBAC package also appeared to have
unwired Export logic, however their implementations were all empty
leading me to believe that these are not considered exportable. The
empty methods have now been removed.
Kubernetes-commit: 855a1c17131f92fca6de33279a02eca3893ca374
2017-08-29 13:15:22 +00:00
0fb974784d
Add unittests for GenerateLink
...
Kubernetes-commit: a835d5bdd2747f3e799ab470bd2e2f14ee0fb52a
2017-08-29 13:15:22 +00:00
4ace90bfb4
Return Audit-Id http header for trouble shooting
...
Kubernetes-commit: 4a1e7ddaa6e0d2e92ce27d9846cfc8407e1fcb60
2017-08-29 13:14:38 +00:00
33ec851d32
Fix NotFound errors do not line up with API endpoint's group version
...
Kubernetes-commit: 2eda19da7be9b8e0fad294bf902684f23a795dd2
2017-08-29 13:14:38 +00:00
f5f8465637
Fix includeObject parameter parsing
...
Kubernetes-commit: a7a551148071bb4d87f73c7b6c0f4bd7cc829b22
2017-08-29 13:14:38 +00:00
aea323d020
Let controllers ignore initialization timeout error when creating a pod.
...
Kubernetes-commit: 97e07e5b52d310ac24d1d46572a4435e694a48f8
2017-08-29 13:14:37 +00:00
0d288373d0
SuggestClientDelay is not about retrying, clarify message and header
...
SuggestClientDelay is returning whether the server has requested that
the client delay their next action. It is *not* about whether the client
should retry the action. Webhook was using it incorrectly, and the
method is now up to date.
Kubernetes-commit: 04846cc25b862c1eabff03ea0b11cbf2f7fae8e2
2017-08-29 13:14:37 +00:00
c685a3bb9c
generated: bazel
...
Kubernetes-commit: 1ebbce2f6cad617a53225478efd4ffde30741475
2017-08-29 13:14:37 +00:00
8ba1feb05c
Timeout filter returns 504 and an inconsistent error body
...
Our rules are that code of the error must match code of the response. We
were also not setting the correct reason. This updates the timeout
filter to be consistent with other clients, without changing the error
code (504 is correct). The new message properly indicates the request
may still be running, which the old message did not do.
Kubernetes-commit: 74f6669b4983a9295dc0549ad15e44d70a18cc8f
2017-08-29 13:14:36 +00:00
19ee3e9e2f
Report non-resource URLs in max-in-flight correctly
...
This potentially has high cardinality, however we can rate limit based
on queries to these endpoints as well.
Kubernetes-commit: 022a5463dcf20126b02e9d9f797ea1e589de1dd1
2017-08-29 13:14:36 +00:00
139dfbd0e1
Update generic errors with the new http package codes
...
All of these errors are now part of the standard HTTP method. Formalize
those into our error types and remove duplication and unclear
separation.
Kubernetes-commit: d3be1ac92eb644e284915a55fe67942c33f88d4c
2017-08-29 13:14:36 +00:00
d1afbac635
create default storage selection functions
...
Kubernetes-commit: 0258d044d3b46f5d2e6bf30658afd4f29e48a1ca
2017-08-29 13:13:51 +00:00
44942b068a
Run hack/update-bazel.sh to generate BUILD files
...
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
c229fe60e4
fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go
...
Kubernetes-commit: 1382d2f6e8baa2342e2b117b527d4b74d3b539ee
2017-08-29 13:13:50 +00:00
4f763bd819
Add missing ugorji codecs for auth/v1, settings/v1alphav1 and storage/v1
...
Kubernetes-commit: 51df7cf59de2a7fbaad61e4a1a13598668028de5
2017-08-29 13:13:07 +00:00
0ee5e1006e
remove dead log handler and increase verbosity
...
Kubernetes-commit: 9e263af7dacafe590cc585f0c37123310a2a9a4f
2017-08-29 13:13:06 +00:00
f3aa141adb
make admission tolerate object without objectmeta for errors
...
Kubernetes-commit: 62272a221c5c77cbc2c3e7d0dd56f0064ac2d00c
2017-08-29 13:13:06 +00:00
7dfcb9c56f
This adds an etcd health check endpoint to kube-apiserver
...
addressing https://github.com/kubernetes/kubernetes/issues/48215 .
Kubernetes-commit: 47d748c5dc989ea46142569bf42636c622fe128a
2017-08-29 13:13:05 +00:00
be2b87fdb8
cleanup dead installer code
...
Kubernetes-commit: c2874941620c264813b6bfa42913f95fd0cc2317
2017-08-29 13:13:05 +00:00
2faadf8c85
update generated deepcopy code
...
Kubernetes-commit: a1c880ece3574a2c7170e0d040489d56dd912e08
2017-08-29 13:13:04 +00:00
f26c819f3d
Update Bazel
...
Kubernetes-commit: 1806609596aa05f3ee2d941fd26978451b946383
2017-08-29 13:13:04 +00:00
e671fe20d7
Update main repo references to new kube-openapi repo
...
Kubernetes-commit: 400b77b48f972b1e10854980586559d5852088c7
2017-08-29 13:13:04 +00:00
72a8a7817c
Revert "Separate Build and Serving parts of OpenAPI spec handler"
...
This reverts commit 0a886ffaf8b9de97ef8134a4182b719ba2c6f22f.
Kubernetes-commit: 56fd5853b347e985b4fd02e251ee8da4ae6e35a2
2017-08-29 13:13:04 +00:00
2de4d08b67
Revert "Aggregate OpenAPI specs"
...
This reverts commit 1a1d9a0394cbdb1d1e2412ae8f0157799eb5329c.
Kubernetes-commit: 88868402b863b1f59a339d3a218bf62c264721ee
2017-08-29 13:13:04 +00:00
d986f949fd
Correctly handle empty watch event cache
...
Kubernetes-commit: 0df769f54061aaa1796e2ef496265b3711e6826a
2017-08-29 13:13:03 +00:00
fe5fc30248
Add cloudprovidedkms provider support
...
Kubernetes-commit: 68a32c06b4d69970ac2489ff5177d5703ca604cd
2017-08-01 23:56:38 +00:00
55fe632ce2
Add unit tests for KMS transformer initialization
...
Kubernetes-commit: b76c63a9f086d978532c5b7ca565cb3ccd90b32e
2017-08-01 23:56:38 +00:00
c75b59c1cd
Add KMS plugin registry
...
Kubernetes-commit: 49989439d7dab525d22b73936d533ae736b50491
2017-08-01 23:56:38 +00:00
741f2c78f4
Don't use cacher if uninitialized
...
Kubernetes-commit: 74b9ba3b4d7c6f0a116464ac01a5f98b915d4586
2017-07-29 13:55:24 +00:00
d156370a82
Add apiserver metric for response sizes split by namespace scope
...
Kubernetes-commit: 5facb62806a7f5d442bff8f77418b53cd58544f9
2017-07-29 13:55:24 +00:00
431caeab63
Use case-insensitive header keys for `--requestheader-group-headers`.
...
This flag is documented as being case-insensitive, but the code was
doing a case-sensitive map lookup.
Kubernetes-commit: 0acdc0cdb369372e06c202aea162bce04410f643
2017-07-28 13:56:11 +00:00
6f848a98cb
add reflector metrics
...
Kubernetes-commit: 151d39682e62b288c247d8174a5f7fb139ee7bd1
2017-07-28 13:56:11 +00:00
c51b2a76ca
Add benchmarks for envelope transformer
...
Kubernetes-commit: 449e811ebe3135a35d04afc84c2e9c9481d637fe
2017-07-28 13:56:11 +00:00
8ca16e584a
Add unit tests for envelope transformer
...
Kubernetes-commit: d23a1f135d694ef315f23299f095fd4b85421670
2017-07-28 13:56:11 +00:00
03bcff8111
Implement Envelope encryption Transformer
...
Kubernetes-commit: 1a92a8aeb3da1df618396f633ec66678ca1ac3a9
2017-07-28 13:56:11 +00:00
b6648b369b
Fix Operation names for subresources
...
Kubernetes-commit: 61ba8ca0bc072035a5fd15301854b23eabec1e70
2017-07-28 13:56:11 +00:00
0167d09496
squash the commits into one
...
Kubernetes-commit: fa6b60120b5d54b5f9c13b76973283e68d053f8a
2017-07-28 13:56:11 +00:00
7f0ff974d5
rate limiting should not affect system masters
...
Kubernetes-commit: 8a3b4d81e6c3a74fa1afa5fd17d3bf42ba1e856d
2017-07-28 13:56:11 +00:00
9e00357e52
fuzzer: remove unreachable code
...
Kubernetes-commit: 365abedff55108ce9f96b5e186622b91a415cba2
2017-07-28 13:56:11 +00:00
a2a05bd86f
ParseEncryptionConfiguration: simplify code.
...
Also improves function name in godoc and many error messages.
Kubernetes-commit: bf51722ffbfa5521b8c516b8751435f004aacacf
2017-07-28 13:56:11 +00:00
aaf3784254
Unify fuzzers and roundtrip tests
...
Kubernetes-commit: ecc811d263894ae54bbe62a3b1ba14847a260e95
2017-07-28 13:56:11 +00:00
4906405ecb
Remove myself from a bunch of places
...
Signed-off-by: Michail Kargakis <mkargaki@redhat.com>
Kubernetes-commit: e884eac6fe422bd6ba2910a527defe9fd5e94392
2017-07-28 13:56:11 +00:00
7def9ae6ce
Fixup go2idl references
...
Kubernetes-commit: edfbb9aa6424ef975d717177886ca9cbdabe34c6
2017-07-28 13:56:11 +00:00
157dcc8988
fix NamespaceLifecycle admission
...
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.
Kubernetes-commit: a8693b63b910d02397eb4a27873cd7da08242a14
2017-07-28 13:56:11 +00:00
5f2f70a255
Validate --storage-backend type.
...
Kubernetes-commit: fcf2df9ad7ea688d75b2e9abb036b9d7abcc6e7c
2017-07-28 13:56:10 +00:00
e24df9a2e5
Update generated code
...
Kubernetes-commit: 8dd0989b395b29b872e1f5e06934721863e4a210
2017-07-19 03:49:08 +00:00
36b2f4560f
deepcopy: add interface deepcopy funcs
...
- add DeepCopyObject() to runtime.Object interface
- add DeepCopyObject() via deepcopy-gen
- add DeepCopyObject() manually
- add DeepCopySelector() to selector interfaces
- add custom DeepCopy func for TableRow.Cells
Kubernetes-commit: 39d95b9b065fffebe5b6f233d978fe1723722085
2017-07-19 03:49:08 +00:00
530dec4a81
adding validations on kube-apiserver audit log options
...
Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>
Kubernetes-commit: 21d0f815645ca3452719faf1ad69c63a9c3f3db2
2017-07-19 03:49:08 +00:00
4c5bbed295
Never prevent deletion of resources as part of namespace lifecycle
...
Kubernetes-commit: 95bf4983dec5909c536d6d602b4cf7a9b5c78c99
2017-07-19 03:49:08 +00:00
57a29126d7
amend the comment
...
Kubernetes-commit: fe13072443289a87ac2bf89fa7818f0ba8a5c64d
2017-07-19 03:49:08 +00:00
a9bfd91dd9
Do not persist SelfLink into etcd storage
...
This behavior regressed in an earlier release. Clearing the self link
ensures that a new version is always written and reduces the size of the
stored object by a small amount. Add tests to verify that Create and
Update result in no SelfLink stored in etcd.
Kubernetes-commit: 461c3701f0915acbf49c339f5321fa86879a963e
2017-07-16 04:08:42 +00:00
4944e218bd
remove some people from OWNERS so they don't get reviews anymore
...
These are googlers who don't work on the project anymore but are still
getting reviews assigned to them:
- bprashanth
- rjnagal
- vmarmol
Kubernetes-commit: c201553f2776ac401549d561485f9a5cb4841ae8
2017-07-16 04:08:42 +00:00
817e4db05c
maxinflight handler should let panicrecovery handler call NewLogged
...
Kubernetes-commit: 6ffbbad21790ccf1f1f7063a0800a4696a572c76
2017-07-16 04:08:42 +00:00
b817dfcc02
Name change: s/timstclair/tallclair/
...
Kubernetes-commit: a2f2e1d4918effb4f0994333c7b88086674e4a5b
2017-07-16 04:08:42 +00:00
aeff5f2a0a
add a regression test for Audit-ID http header
...
This change add a test for: https://github.com/kubernetes/kubernetes/pull/48492
Kubernetes-commit: a5df09ba89f4c010eed76ffd985895aa80de9845
2017-07-16 04:08:42 +00:00
f3f629bfe7
remove svg mime type extension
...
Signed-off-by: sakeven <jc5930@sina.cn>
Kubernetes-commit: 795953c0c4db03d182b941af5af03ff51652de72
2017-07-16 04:08:42 +00:00
ec4f695076
generated: bazel / godeps
...
Kubernetes-commit: c73622108ccd285b245cf9fe2dc218a47398d31d
2017-07-16 04:08:42 +00:00
5c33fc4de4
apimachinery: remove unneeded GetObjectKind() impls
...
Kubernetes-commit: da3322c2d93671b7cbff9b090dd5e1ce9984130e
2017-07-16 04:08:42 +00:00
51b28748a4
Update generated files
...
Kubernetes-commit: d358cb168d60deec2c84b68003680307a6565bbd
2017-07-16 04:08:42 +00:00
15712b92c3
apimachinery+apiserver: extract test types to work w/ deepcopy-gen
...
Kubernetes-commit: 205cd90d465b7287fdad5f77d1dc4ac13624b067
2017-07-16 04:08:41 +00:00
8304eb8a20
audit: fix deepcopy registration
...
Kubernetes-commit: ad23081273785668ee2520e5349cf0b05f64e41f
2017-07-16 04:08:41 +00:00
7723f2ca07
remove extra WriteHeader function
...
The deleted two functions will be called later in the function
SerializeObject(). Not necessary to call them twice.
Kubernetes-commit: f41eb67798c574b531b5dd542d3284604b142801
2017-07-16 04:08:41 +00:00
8bc6800aeb
support json output for log backend of advanced audit
...
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
2017-07-16 04:08:41 +00:00
bcc0d0a6d0
Unify generic proxy code in apimachinery
...
Make the utility package truly generic, consolidate all generic proxy in
apimachinery.
Kubernetes-commit: edc12aafe2fbfe3475bdf03c34ffa26cc4322673
2017-07-16 04:08:41 +00:00
c521c8f6b5
Record 429 and timeout errors to prometheus
...
Allows gathering of load being shed.
Kubernetes-commit: 2e33a2f0bc8ac82aecadcb19cf6e41259454d182
2017-07-16 04:08:41 +00:00
aa72cc77b2
remove dead code
...
Kubernetes-commit: 0801ded4252684c47d8a50700f9f5ff8ff88b964
2017-07-16 04:08:41 +00:00
e110054277
TestLoopbackHostPort should accept IPv6 loopback host
...
Kubernetes-commit: 8469b013333baec0dc2fc43a6bfb7493fcf019e8
2017-07-16 04:08:40 +00:00
6040aeb60d
Fix invalid Content-Type for 403 error
...
https://github.com/kubernetes/kubernetes/pull/47384 makes 403 errors
return Status Object. How the Content-Type is still "text/plain"
This change fix it.
Kubernetes-commit: 36e0a5ed14ae0fb9fd88980f0fce57d076216e2e
2017-07-06 23:56:07 +00:00
d248b52a81
Fix Audit-ID header key
...
Now http header key "Audit-ID" doesn't have effect, because golang
automaticly transforms "Audit-ID" into "Audit-Id". This change use
http.Header.Get() function to canonicalize "Audit-ID" to "Audit-Id".
Kubernetes-commit: f21bc7bb9a82378e8b24f72c66dfd23bc8113f20
2017-07-06 23:56:07 +00:00
da548f4af1
fix error type
...
Kubernetes-commit: 45ec7d9f51c54c8312579c9a0eab83c29d6d7d06
2017-07-05 23:59:23 +00:00
276c240fae
Fix 401/403 apiserver errors do not return 'Status' objects
...
Kubernetes-commit: 3d6479f7216dcb61e56ab6dd53fad7176930645d
2017-07-05 23:59:23 +00:00
fc0bd6b232
make the panic handler first
...
Kubernetes-commit: 9b43bd4a5b234d528ebc0fd059ae69eedced8c7f
2017-07-05 23:59:22 +00:00
924adf12df
Add Validate() function for audit options
...
Kubernetes-commit: cf8e3ccf1959942342ed0c10f6b43d46beb65e04
2017-07-05 08:39:49 +00:00
f73160e236
allow a deletestrategy to opt-out of GC
...
Kubernetes-commit: 312fb1e1fa198f4715598feac659f5eeffd05032
2017-07-04 08:39:44 +00:00
af4570c690
update events' ResponseStatus at Metadata level
...
ResponseStatus is populated in MetadataLevel, so we also update it in
MetadataLevel.
Kubernetes-commit: b6abcacb38d5da7c70ea9f3e6f673c8beeb90092
2017-07-04 08:39:44 +00:00
0ce81fed2f
add validate for advanced audit policy
...
This change checks group name and non-resrouce URLs format for audit
policy.
Kubernetes-commit: 7437b88386665ff4a16fe37d02818285636ec8ce
2017-07-04 08:39:44 +00:00
2f829d739b
GuaranteedUpdate must write if stored data is not canonical
...
An optimization added to the GuaranteedUpdate loop changed the
comparison of the current objects serialization against the stored data,
instead comparing to the in memory object, which defeated the mechanism
we use to migrate stored data.
This commit preserves that optimization but correctly verifies the in
memory serialization against the on disk serialization by fetching the
latest serialized data. Since most updates are not no-ops, this should
not regress the performance of the normal path.
Kubernetes-commit: b851614adfe2b39941d518485480ff527fa4f0c1
2017-07-04 08:39:44 +00:00
755b51396c
remove useless check from impersonation filter
...
When groupsSpecified is false, that means no other groups are added
rather than the service account groups. So this check doesn't make
any sense.
Kubernetes-commit: 0a1e24f31e5dc1a4f193a6d564ed06e2535b2830
2017-07-01 08:39:43 +00:00
d57ea42cc0
Add NYTimes/gziphandler dependency
...
Kubernetes-commit: f617df7d6a63692ae8e0b2863f3b44f6ea02d355
2017-07-01 08:39:43 +00:00
242da91bc8
openapi: Read Accept-Content to send gzip if needed
...
Kubernetes-commit: bd38dd4d12b77126ba9c129b74b2b444f9f2a3a1
2017-07-01 08:39:43 +00:00
a0b4bc5639
Fix a typo in deletion log of apiserver
...
Kubernetes-commit: 7adf8d8cac89eb68bc10a58827ef08e74e047913
2017-07-01 08:39:43 +00:00
7039fe1e17
Refactor unstructured converter
...
Kubernetes-commit: dc1ee493a29251492403e4282b5df3e897de2214
2017-06-30 08:44:46 +00:00
dc4be7ced9
s/count/total/ in audit prometheus metrics
...
Kubernetes-commit: b34d6ab890d3d73b391a876125d1ea3141c54f1d
2017-06-28 00:14:32 +00:00
b7f543928d
prioritize messages for long steps
...
Kubernetes-commit: f4767c270dde1de68235fd21ac4b907f6ef33385
2017-06-28 00:14:32 +00:00
b74e5942e2
add compression to GET and LIST api requests
...
this feature is gated; disabled by default
Kubernetes-commit: c305f72315a83c16c40fbbfd06b563f9e67208ff
2017-06-28 00:14:31 +00:00
a238a912d3
add level for print flags
...
Signed-off-by: sakeven <jc5930@sina.cn>
Kubernetes-commit: 8b1a08a9194cf423ba53e6662f9e746852f60164
2017-06-28 00:14:31 +00:00
c4948f98da
incluster config will be used when creating external shared informers.
...
previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.
Kubernetes-commit: 074544b3b024156e4ce91de5778281dbe1b47a72
2017-06-28 00:14:31 +00:00
8be42ee0d0
run hack/update-all
...
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
2017-06-28 00:14:31 +00:00
0fc5fed423
manually fix openapi-gen
...
Kubernetes-commit: 4379bbdafbd38bdc67f2ceb5cb7a4e778baebf04
2017-06-28 00:14:31 +00:00
230d302a85
manually fix kubectl openapi unit test
...
Kubernetes-commit: 239613b521b5180d01d2de004e793234bfa6be07
2017-06-28 00:14:31 +00:00
e5d0493897
make all works. generated harmless covnersion/deepcoy chagnes
...
Kubernetes-commit: 847b048fa0b2e83d4d4c39ceb37e9e0262d5a968
2017-06-28 00:14:31 +00:00
81b7aaaa7d
run root-rewrite-import-client-go-api-types
...
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
2017-06-28 00:14:31 +00:00
150b64eff5
run hack/update-codegen.sh
...
Kubernetes-commit: e185f7e2770039a799a21af9362ed999197dcc33
2017-06-28 00:14:31 +00:00
63a940e4f9
Remove redirect verb parsing
...
Kubernetes-commit: e8b24679dc457d3321073b9ae8e1c17a1763c56a
2017-06-28 00:14:31 +00:00
6a99774546
Use websocket protocol authenticator in apiserver
...
Kubernetes-commit: 6a872c09ebc8bff4efccc6d0206b0b5639be31ae
2017-06-28 00:14:31 +00:00
5c2f76950a
Add websocket protocol authentication method
...
Kubernetes-commit: e2a03bcf2a568b5c40e8f92e1009440038f5e5ee
2017-06-28 00:14:31 +00:00
080796b69a
Lower etcd compacted loglevel
...
Kubernetes-commit: 151b6a04e1355c1b47191f46283a3bfe98dfc393
2017-06-28 00:14:31 +00:00
a93da9eb77
Don't bother with a mutable transformer for identity
...
Kubernetes-commit: dac0d07546f50636ae7f140415aa949325494b2e
2017-06-28 00:14:31 +00:00
3d01cde9c2
Fix rawextension decoding in update
...
Kubernetes-commit: a536ee3615e15954c63b0ccea0885837e2846e1e
2017-06-22 04:00:53 +00:00
5f00d0e8e2
generated: protobuf with stable map ordering
...
Kubernetes-commit: 606825eea47f41c72a3da1d4d2a769a340e1b69d
2017-06-20 00:06:38 +00:00
6c72e52da3
Add logging to debug conflicts in kubemark-scale test
...
Kubernetes-commit: 1504c7fc31d1a1f8a37e106b056cc261cdff7a47
2017-06-19 20:36:09 +00:00
1526f6a57c
Add version and flag info to apiserver and CM logs.
...
Should help debugging.
Specifically for #45706
Kubernetes-commit: f6bcac3fecbc5ef105b903d8e14252ccb2b55e51
2017-06-16 22:11:33 +00:00
6ed25fddc6
Fix api description
...
Kubernetes-commit: f7ce20d2e4b4c24cfa7440e135abf78e538673bb
2017-06-16 22:11:33 +00:00
205eddae2b
Fix typo in secretbox transformer prefix
...
Kubernetes-commit: 2c820c205073ec96acf8c0cf140db2381f377425
2017-06-15 22:11:39 +00:00
64014c6e25
audit: Fill in full ObjectRef, include in LevelMetadata
...
Kubernetes-commit: 28beb4572e676b9073f400fb6ccf2720381a41d0
2017-06-14 20:44:08 +00:00
97b762c21b
remove leaked socket file in unit test
...
Kubernetes-commit: 2c19b9e143cd9fde4365f3f9913b23d955d9ceda
2017-06-14 20:44:08 +00:00
9b573e7060
Remove extra empty lines from log
...
remove extra "\n" from Everything()
Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
2017-06-13 20:47:33 +00:00
e4286c2402
Revert "add gzip compression to GET and LIST requests"
...
This reverts commit fc650a54d02f358c7fc65fa25b8312028bd4e944.
Kubernetes-commit: 63e3e2fa7b04bd3d3f1fccb63391f17ea01e06a8
2017-06-13 20:47:32 +00:00
05d333de3f
DeleteCollection should include uninitialized resources
...
Users who delete a collection expect all resources to be deleted, and
users can also delete an uninitialized resource. To preserve this
expectation, DeleteCollection selects all resources regardless of
initialization.
The namespace controller should list uninitialized resources in order to
gate cleanup of a namespace.
Kubernetes-commit: 9ad1f80fdcd77edcdd53abec3641c04c80fd9b1e
2017-06-13 20:47:32 +00:00
f1876a2211
Add configuration for AESCBC, Secretbox encryption
...
Add tests for new transformers
Kubernetes-commit: 13073407422c62ee2131968060c85ce8b6488de4
2017-06-13 20:47:32 +00:00
c396142d93
[legacy audit] add response audit for hijack
...
Kubernetes-commit: 9212b0240de33344034c829f78a0f5c86aea6a0d
2017-06-13 20:47:32 +00:00
f6771d9ae8
Revert "Optimize selector for single-matching items"
...
This reverts commit f93a270edcefc3780247ae89eea02cd13b81237b.
Kubernetes-commit: dbafff3eea4648c8dc6d8ce0d46f7f3932c73bb6
2017-06-13 20:47:32 +00:00
Walter Fender
Shiyang Wang
tengqm
Kubernetes Publisher
Clayton Coleman
Maciej Szulik
Chao Wang
Dr. Stefan Schimanski
Cao Shufeng
Di Xu
David Eads
mbohlool
Chao Xu
Morgan Bauer
Chen Rong
Tim Hockin
Eric Chiang
Chenxingyu
Jordan Liggitt
Nikhita Raghunath
Saksham Sharma
huangjiuyuan
Joe Betz
Slava Semushin
xiangpengzhao
Dan Mace
Simo Sorce
gmarek
Monis Khan
duan-yue
guangxuli
Jacob Simpson
Mik Vyatskov
m1093782566
Jeff Grafton
Devan Goodwin
bjhaid
supereagle
Wojciech Tyczynski
Shyam Jeedigunta
John Millikin
jianglingxia
Michail Kargakis
Mike Danese
Tim Allclair
sakeven
Aaron Crickenberger
Haoran Wang
Antoine Pelisse
Kyâne Pichou
Mikhail Mazurskiy
Tim St. Clair
Eric Paris
Scott Weiss
p0lyn0mial
NickrenREN
Matt Liggett
zhengjiajin