kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,013 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

97 Commits

Author SHA1 Message Date
Chao Xu 8a572a63d4 Rename GenericAdmissionWebhook to ValidatingAdmissionWebhook 
Kubernetes-commit: d3c0765780fed5576670d6624cc3cc8d691d6392
 2017-11-17 21:05:11 -08:00
Chao Xu ed64135818 Rename the testdata package to testcerts. 
`godep save` somehow fails if there is a testdata go package. See
https://github.com/kubernetes/kubernetes/pull/54892#issuecomment-345035489

Kubernetes-commit: 2052a7e2a3483e341a5a8d1fc5ae8510dd32b2c6
 2017-11-17 13:24:48 -08:00
Chao Xu 1b638a5be7 generated bazel 
Kubernetes-commit: 6193360eb52b00727df08f67eb8fc364a8df85e9
 2017-11-15 16:21:28 -08:00
Chao Xu cb8d15718f Adding the mutating webhook 
Kubernetes-commit: ea123f82aae5bc46b9a91c4543c8f742d0db52da
 2017-11-14 16:36:28 -08:00
cheftako 556a83dbf9 Admission request/response handling 
AdmissionResponse allows mutating webhook to send apiserver a json patch
to mutate the object.
This reflects the imperative nature of AdmissionReview. It adds
AdmissionRequest and AdmissionResponse in place of status/spec.
The AdmissionResponse the allows the mutating webhook
to send back a json path with the mutated version of the requested
object.
Fixed the integration test to clean up properly.
Switched test image to 1.8v5 to reflect API changes.
Make sure to cache test framework client for cleaup test code.
Switched to pointer for patch type.
Factored in @liggitt's feedback.
Factored in @lavalamp's feedback.

Kubernetes-commit: dac3c2e168784bbcf1cbfef8bf5430101e191715
 2017-11-06 15:41:26 -08:00
Chao Xu 0159c24faf generated bazel 
Kubernetes-commit: 47ef9aaf2297829998eb1a0a804de9209c1008f1
 2017-11-14 16:29:23 -08:00
Chao Xu da1d210644 Reorganize the code in webhook admission plugin. 
Move the namespace selector code to package webhook/namespace
Move the conversion related code to package to webhook/versioned
Move errors related code to package webhook/errors
Move admission review related code to package webhook/request

Kubernetes-commit: 51774697b35314b078270e9da24fbe0ff843b981
 2017-11-14 15:20:45 -08:00
Chao Xu f88f0f12a1 Reorganize the admission webhook code. 
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.

Kubernetes-commit: 1adfacc7eb41da109e970a9c2985fd55b4cbbdfd
 2017-11-05 18:11:47 -08:00
Joe Betz 5f443f1654 Align admission metric names with prometheus guidelines 
Kubernetes-commit: 369fd81ca151fe2ccb1ac0e6d44aad0eee99abf1
 2017-11-14 11:18:31 -08:00
Joe Betz a1e35e7bfe Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 
Kubernetes-commit: 9d13d1baece20fc611176aad3b6f39ccf9fa4b36
 2017-11-06 17:48:59 -08:00
Joe Betz f2028cc5a5 Add admission metrics 
Kubernetes-commit: 3940e4f0533a7ee8e50ec939cdcb44c33d4a0ae9
 2017-11-06 14:14:33 -08:00
Chao Xu 9dda7d3efb let validation webhook convert objects to the external version before sending them 
Kubernetes-commit: ab053a224d27aa48ea4b34ba7591cfd72c3f567d
 2017-11-03 16:49:56 -07:00
Daniel Smith bee24b37a5 fix docs and validation 
Kubernetes-commit: e73fd8784484235d5010f4b2bba2251a584c5dd0
 2017-11-11 18:00:32 -08:00
Daniel Smith 51c2612984 Add URL beside service 
Kubernetes-commit: a0cb2ce697c195d22daeef4fbe6545bdaba11e2f
 2017-10-31 16:28:06 -07:00
Chao Xu 640cf74d8c generated 
Kubernetes-commit: 2f83748068e45fd548b1caaac2cc0ca06a769653
 2017-11-10 11:06:07 -08:00
Chao Xu 512274139c add NamespaceSelector to the api 
business logic in webhook plugin and unit test

add a e2e test for namespace selector

Kubernetes-commit: 7006d224bebb5a1aee9c70387a8584e0a0e8b10f
 2017-10-27 14:42:09 -07:00
hzxuzhonghu 69a65358c5 update bazel 
Kubernetes-commit: b845e26983741c5d12e621604b5e064e03d4fed1
 2017-11-03 10:06:07 +08:00
hzxuzhonghu 45d6a78b3f cache admission webhook restClient 
Kubernetes-commit: 42d9153a03e971453ccf8e46e149a20a9ff3d656
 2017-10-31 19:08:29 +08:00
hzxuzhonghu c37db061da remove redundant code in admission initializer 
Kubernetes-commit: 9d1e6d3e2cc25db8e07db446d00390059c8264f8
 2017-11-08 10:54:06 +08:00
mbohlool 3846cb803e Rename ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration 
Kubernetes-commit: 9ddea83a2ce0937cf0fc8f8c35614bb18e74cfad
 2017-11-07 12:46:54 -08:00
Dr. Stefan Schimanski d10f10b8ac pkg/apis/core: mechanical import fixes in dependencies 
Kubernetes-commit: 012b085ac870d359131f4251213bf2fff1d15aa0
 2017-11-08 23:34:54 +01:00
supereagle 80475e014f use versiond group clients from client-go 
Kubernetes-commit: b694d518428ac655780d812f7dd4cf72d3e24763
 2017-07-28 15:54:13 +08:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Janet Kuo 201480baa2 Add hook information when rejecting a request 
Kubernetes-commit: 948bd7bbc18b343161120b365c089528f8fc0550
 2017-10-27 14:59:54 -07:00
Dr. Stefan Schimanski 45afa13373 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 
Kubernetes-commit: aedcf681b32618be3cf9ad40eeb039f1bb26c5ae
 2017-10-27 17:09:39 +02:00
Dr. Stefan Schimanski 3eeded3a29 admission: wire create+update validation func into kube registries 
Kubernetes-commit: 2452afffe09e1ced9487e5a701beb1443a92b741
 2017-10-24 15:33:28 +02:00
Dr. Stefan Schimanski 777cf3c0ef admission: unify plugin constructors 
Kubernetes-commit: 131905cdb8b929f7c15f810e02ec9a45b306b769
 2017-10-30 14:20:40 +01:00
hzxuzhonghu 749c4d2360 fix import warning 
Kubernetes-commit: fcf4a0e191449925148783517cfe7ade234a2510
 2017-10-30 10:16:13 +08:00
Chao Xu 7d5fb56d23 Add a e2e test for the admission webhook 
Kubernetes-commit: 88cb71c421e4db6c15b9ec9f4c605c8779b15a33
 2017-10-13 14:37:37 -07:00
Chao Xu 3843f2885c remove the nesting directory webhook/webhook 
Kubernetes-commit: ca8131877ad4fcab76388360e04ff9eb05af41a4
 2017-10-26 14:19:49 -07:00
Kevin 41430fda7c use core client with explicit version globally 
Kubernetes-commit: 4c8539cece2f0a6e6974b30d00c7341e10320bc5
 2017-10-25 23:54:32 +08:00
David Eads 3cb246ace6 move webhook admission to generic apiserver 
Kubernetes-commit: 8c1fe1f61a1de754a2cfed1966f4a1f8024ca618
 2017-10-24 08:48:05 -04:00
David Eads d3f753a815 update admission webhook to accept client config 
Kubernetes-commit: 0859798e8e278ec382dcbeb77914f40bf2c78a2c
 2017-10-18 12:57:59 -04:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
p0lyn0mial 136304ddb2 removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin. 
Kubernetes-commit: fa96700b76de3df759b3dddb747da575c909acec
 2017-10-09 22:15:25 +02:00
Chao Xu 9074f20eb7 generated 
Kubernetes-commit: bbac32c299eb0660e89870a7fbc698c79af04b51
 2017-10-04 17:27:09 -07:00
Chao Xu 9696b0c05e move initializer to the generic apiserver 
move k8s.io/kubernetes/plugin/pkg/admission/initialization to
k8s.io/apiserver/pkg/admission/plugin/initialization/initialization.go;
move k8s.io/kubernetes/pkg/kubeapiserver/admission/configuration to
k8s.io/apiserver/pkg/admission/configuration.

Kubernetes-commit: 89a0511fcb22caf23427587c026952b2a387f293
 2017-10-04 16:54:08 -07:00
p0lyn0mial 941c87ca76 moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver 
Kubernetes-commit: 475493ced69f47dd78d72ff98bf2c5853fc5ea19
 2017-09-27 22:05:34 +02:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Cao Shufeng 157dcc8988 fix NamespaceLifecycle admission 
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.

Kubernetes-commit: a8693b63b910d02397eb4a27873cd7da08242a14
 2017-07-28 13:56:11 +00:00
Jordan Liggitt 4c5bbed295 Never prevent deletion of resources as part of namespace lifecycle 
Kubernetes-commit: 95bf4983dec5909c536d6d602b4cf7a9b5c78c99
 2017-07-19 03:49:08 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
p0lyn0mial 42d367c84c register all generic admission plugins when AdmissionOptions are created. 
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*

move registration to AdmissionOptions

Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
 2017-06-13 20:47:29 +00:00
p0lyn0mial d3a026ac63 move namespace lifecycle plugin to apiserver 
Kubernetes-commit: 1a5da9afc804eed6630caa1a17540d1a171b211a
 2017-06-13 20:47:29 +00:00