kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,013 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

132 Commits

Author SHA1 Message Date
Christoph Blecker e0f0630269 Regenerate all generated code 
Kubernetes-commit: 80e344644e2b6222296f2f03551a8d0273c7cbce
 2018-01-02 00:21:07 -08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Tim Allclair e9e963c6d2 Fix admission metrics tests 
Kubernetes-commit: cca35ae141544e04cdf9e7c3ace201bc58091c5e
 2017-12-13 15:45:24 -08:00
hzxuzhonghu d14a5efcb8 remove dead code in lifecycle admission 
Kubernetes-commit: 22398f8d3c0d71db5869eace174f5721f8499224
 2017-12-05 19:40:31 +08:00
hzxuzhonghu 2d197ca9f2 fix typo and adjust import sequence 
Kubernetes-commit: 185d5c1f3debec7f7c81cd713307134103038497
 2017-11-08 11:43:56 +08:00
Joe Betz 1f633a162d Reduce memory footprint of admission metrics 
Kubernetes-commit: 92dd8b50f304ce19d62b8acf23d1b8c4f9bae00b
 2017-11-26 21:54:50 -08:00
David Eads 6d575ed0c4 require webhook admission kubeconfigfile to be absolute 
Kubernetes-commit: 7e6ce2a04ce8ede20e3bdbcb8a5680a8e54c47a2
 2017-11-22 08:17:47 -05:00
Kubernetes Submit Queue e16244b0bc Merge pull request #55812 from deads2k/admission-17-external 
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make versioned types for webhook admission config

Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.

@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised.  fyi.

```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
  configuration:
    kind: WebhookAdmission
    apiVersion: apiserver.config.k8s.io/v1alpha1
    kubeConfigFile: /path/to/my/file
```

`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`

Kubernetes-commit: 25ebf875b4235cb8f43be2aec699d62e78339cec
 2017-12-07 04:34:43 +00:00
Chao Xu 70de900800 update-all generated 
Kubernetes-commit: fcf4f15c89c8faf3f23171ea50b9c460ea67a76b
 2017-11-19 13:41:10 -08:00
Chao Xu 98e2d6d11f remove reference to v1alpha1 
Kubernetes-commit: 7945ae68d0c7cffb070d60ad4d8bfe6ef585c279
 2017-11-19 13:54:50 -08:00
Dr. Stefan Schimanski 2ee052ccdf admission: make metrics compositional and move to metrics sub-package 
Kubernetes-commit: baba0c827bfddfdc56b69c88e19406966ef900a2
 2017-11-17 11:49:55 +01:00
Joe Betz f7181e20ae #55183 follow up: Reinstate admission chain composition and ns test 
Kubernetes-commit: d82ae45a4cf7e34cf02755b7eaa6e040da590d67
 2017-11-16 21:20:14 -08:00
Chao Xu 86dc6e7b4e Update the validating webhook plugin to be a ValidatingInterface, rather than a MutatingInterface 
Kubernetes-commit: cbfc9d33b7c6b9e767e4259910f783c047e83583
 2017-11-20 14:57:07 -08:00
Dr. Stefan Schimanski 45dc4adcc3 admission/webhook: move webhook initializer into plugin 
Kubernetes-commit: e19257f2ec87d8091defb7935bb3a161fbb229d0
 2017-11-15 13:00:24 +01:00
Chao Xu 8a572a63d4 Rename GenericAdmissionWebhook to ValidatingAdmissionWebhook 
Kubernetes-commit: d3c0765780fed5576670d6624cc3cc8d691d6392
 2017-11-17 21:05:11 -08:00
Chao Xu ed64135818 Rename the testdata package to testcerts. 
`godep save` somehow fails if there is a testdata go package. See
https://github.com/kubernetes/kubernetes/pull/54892#issuecomment-345035489

Kubernetes-commit: 2052a7e2a3483e341a5a8d1fc5ae8510dd32b2c6
 2017-11-17 13:24:48 -08:00
Chao Xu 1b638a5be7 generated bazel 
Kubernetes-commit: 6193360eb52b00727df08f67eb8fc364a8df85e9
 2017-11-15 16:21:28 -08:00
Chao Xu cb8d15718f Adding the mutating webhook 
Kubernetes-commit: ea123f82aae5bc46b9a91c4543c8f742d0db52da
 2017-11-14 16:36:28 -08:00
cheftako 556a83dbf9 Admission request/response handling 
AdmissionResponse allows mutating webhook to send apiserver a json patch
to mutate the object.
This reflects the imperative nature of AdmissionReview. It adds
AdmissionRequest and AdmissionResponse in place of status/spec.
The AdmissionResponse the allows the mutating webhook
to send back a json path with the mutated version of the requested
object.
Fixed the integration test to clean up properly.
Switched test image to 1.8v5 to reflect API changes.
Make sure to cache test framework client for cleaup test code.
Switched to pointer for patch type.
Factored in @liggitt's feedback.
Factored in @lavalamp's feedback.

Kubernetes-commit: dac3c2e168784bbcf1cbfef8bf5430101e191715
 2017-11-06 15:41:26 -08:00
Chao Xu 0159c24faf generated bazel 
Kubernetes-commit: 47ef9aaf2297829998eb1a0a804de9209c1008f1
 2017-11-14 16:29:23 -08:00
Chao Xu da1d210644 Reorganize the code in webhook admission plugin. 
Move the namespace selector code to package webhook/namespace
Move the conversion related code to package to webhook/versioned
Move errors related code to package webhook/errors
Move admission review related code to package webhook/request

Kubernetes-commit: 51774697b35314b078270e9da24fbe0ff843b981
 2017-11-14 15:20:45 -08:00
Chao Xu f88f0f12a1 Reorganize the admission webhook code. 
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.

Kubernetes-commit: 1adfacc7eb41da109e970a9c2985fd55b4cbbdfd
 2017-11-05 18:11:47 -08:00
Joe Betz 5f443f1654 Align admission metric names with prometheus guidelines 
Kubernetes-commit: 369fd81ca151fe2ccb1ac0e6d44aad0eee99abf1
 2017-11-14 11:18:31 -08:00
Joe Betz 3773a59cf0 Remove is_system_ns from admission metrics 
Kubernetes-commit: 375e2d03ab8c70c8c84676a7eee8b46646036bde
 2017-11-13 12:34:36 -08:00
Joe Betz f3058e0b10 Fix admission metrics to track mutating/validating correctly 
Also update admission test mocks to better reflect typical usage and fix broken tests.

Kubernetes-commit: 2643c6ae3e7b7bc09e1d3eb695a438b190123083
 2017-11-08 17:26:31 -08:00
Joe Betz a1e35e7bfe Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 
Kubernetes-commit: 9d13d1baece20fc611176aad3b6f39ccf9fa4b36
 2017-11-06 17:48:59 -08:00
Joe Betz f2028cc5a5 Add admission metrics 
Kubernetes-commit: 3940e4f0533a7ee8e50ec939cdcb44c33d4a0ae9
 2017-11-06 14:14:33 -08:00
foxyriver dbacfae1f8 stop timer 
Kubernetes-commit: cdc4aca9a3d53e21cca4b784718732a9a0852084
 2017-11-06 09:51:39 +08:00
Chao Xu 9dda7d3efb let validation webhook convert objects to the external version before sending them 
Kubernetes-commit: ab053a224d27aa48ea4b34ba7591cfd72c3f567d
 2017-11-03 16:49:56 -07:00
Daniel Smith bee24b37a5 fix docs and validation 
Kubernetes-commit: e73fd8784484235d5010f4b2bba2251a584c5dd0
 2017-11-11 18:00:32 -08:00
Daniel Smith 51c2612984 Add URL beside service 
Kubernetes-commit: a0cb2ce697c195d22daeef4fbe6545bdaba11e2f
 2017-10-31 16:28:06 -07:00
Chao Xu 640cf74d8c generated 
Kubernetes-commit: 2f83748068e45fd548b1caaac2cc0ca06a769653
 2017-11-10 11:06:07 -08:00
Chao Xu 512274139c add NamespaceSelector to the api 
business logic in webhook plugin and unit test

add a e2e test for namespace selector

Kubernetes-commit: 7006d224bebb5a1aee9c70387a8584e0a0e8b10f
 2017-10-27 14:42:09 -07:00
hzxuzhonghu 69a65358c5 update bazel 
Kubernetes-commit: b845e26983741c5d12e621604b5e064e03d4fed1
 2017-11-03 10:06:07 +08:00
hzxuzhonghu 45d6a78b3f cache admission webhook restClient 
Kubernetes-commit: 42d9153a03e971453ccf8e46e149a20a9ff3d656
 2017-10-31 19:08:29 +08:00
hzxuzhonghu c37db061da remove redundant code in admission initializer 
Kubernetes-commit: 9d1e6d3e2cc25db8e07db446d00390059c8264f8
 2017-11-08 10:54:06 +08:00
mbohlool db766abbf7 Update generated files for MutatingWebhookConfiguration 
Kubernetes-commit: 4568e0530c53df81d1bbd5e700daca041a1d8439
 2017-11-07 17:29:01 -08:00
mbohlool 2aa55c4d47 Add MutatingWebhookConfiguration type 
Kubernetes-commit: fc5a613c17c81fdda54158d58a19bd6089ae9882
 2017-11-07 12:49:19 -08:00
mbohlool e57a4d504d Update generated files 
Kubernetes-commit: cb43840492b383f4e1b87d7108d51c6439e1dad5
 2017-11-07 12:42:06 -08:00
mbohlool 3846cb803e Rename ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration 
Kubernetes-commit: 9ddea83a2ce0937cf0fc8f8c35614bb18e74cfad
 2017-11-07 12:46:54 -08:00
Dr. Stefan Schimanski d10f10b8ac pkg/apis/core: mechanical import fixes in dependencies 
Kubernetes-commit: 012b085ac870d359131f4251213bf2fff1d15aa0
 2017-11-08 23:34:54 +01:00
supereagle 80475e014f use versiond group clients from client-go 
Kubernetes-commit: b694d518428ac655780d812f7dd4cf72d3e24763
 2017-07-28 15:54:13 +08:00
Dr. Stefan Schimanski 204da0b2db apiserver: add validating admission tests 
- in endpoint tests
- in generic registry
- in patch handler
- in admission chain

Kubernetes-commit: c558d2a3517fafdb704edd2c00b6df6738786959
 2017-11-07 10:40:43 +01:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Janet Kuo 201480baa2 Add hook information when rejecting a request 
Kubernetes-commit: 948bd7bbc18b343161120b365c089528f8fc0550
 2017-10-27 14:59:54 -07:00
hzxuzhonghu 164593bb0a refactor admission handler and add UT 
Kubernetes-commit: ac7ca5bd0a3e5448a3d3ce89aeffa028f026b5ca
 2017-11-03 16:40:15 +08:00
Dr. Stefan Schimanski 45afa13373 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 
Kubernetes-commit: aedcf681b32618be3cf9ad40eeb039f1bb26c5ae
 2017-10-27 17:09:39 +02:00
Dr. Stefan Schimanski 3eeded3a29 admission: wire create+update validation func into kube registries 
Kubernetes-commit: 2452afffe09e1ced9487e5a701beb1443a92b741
 2017-10-24 15:33:28 +02:00
Dr. Stefan Schimanski 441ac63056 admission: complete plumbing of validation admission 
Kubernetes-commit: 74b4223ab80fa3bbf326ac1073ef28f0b8daa304
 2017-10-24 14:08:34 +02:00
Dr. Stefan Schimanski 118e16448c admission: split MutationInterface out of Interface 
Kubernetes-commit: d4f48c931383f35e5e1a227a4291b8c0503e2433
 2017-10-24 11:24:04 +02:00
Dr. Stefan Schimanski a8fb04360a admission: { -> Mutating}Admit(admission.Attributes) 
Kubernetes-commit: 970d2553cca466c1236f1e91b3161cb1a69dbdd2
 2017-10-23 14:26:38 +02:00
David Eads a2e3d31f52 add wiring for validating admission 
Kubernetes-commit: 02e16cb253f01303d71ad4e8d6aa578d1ab79c0a
 2017-10-19 09:44:42 -04:00
Dr. Stefan Schimanski 777cf3c0ef admission: unify plugin constructors 
Kubernetes-commit: 131905cdb8b929f7c15f810e02ec9a45b306b769
 2017-10-30 14:20:40 +01:00
hzxuzhonghu 749c4d2360 fix import warning 
Kubernetes-commit: fcf4a0e191449925148783517cfe7ade234a2510
 2017-10-30 10:16:13 +08:00
Chao Xu 7d5fb56d23 Add a e2e test for the admission webhook 
Kubernetes-commit: 88cb71c421e4db6c15b9ec9f4c605c8779b15a33
 2017-10-13 14:37:37 -07:00
Chao Xu 3843f2885c remove the nesting directory webhook/webhook 
Kubernetes-commit: ca8131877ad4fcab76388360e04ff9eb05af41a4
 2017-10-26 14:19:49 -07:00
Kevin 41430fda7c use core client with explicit version globally 
Kubernetes-commit: 4c8539cece2f0a6e6974b30d00c7341e10320bc5
 2017-10-25 23:54:32 +08:00
David Eads 3cb246ace6 move webhook admission to generic apiserver 
Kubernetes-commit: 8c1fe1f61a1de754a2cfed1966f4a1f8024ca618
 2017-10-24 08:48:05 -04:00
David Eads 4c7d4a45ad update admission webhook to handle multiple auth domains 
Kubernetes-commit: fd4ab3e061ff44515d5107e1ae3e9d6469d956aa
 2017-10-23 09:35:08 -04:00
David Eads d3f753a815 update admission webhook to accept client config 
Kubernetes-commit: 0859798e8e278ec382dcbeb77914f40bf2c78a2c
 2017-10-18 12:57:59 -04:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
p0lyn0mial 136304ddb2 removes k8s.io/kubernetes/pkg/api dependency from the webhook plugin. 
Kubernetes-commit: fa96700b76de3df759b3dddb747da575c909acec
 2017-10-09 22:15:25 +02:00
Chao Xu 9074f20eb7 generated 
Kubernetes-commit: bbac32c299eb0660e89870a7fbc698c79af04b51
 2017-10-04 17:27:09 -07:00
Chao Xu 9696b0c05e move initializer to the generic apiserver 
move k8s.io/kubernetes/plugin/pkg/admission/initialization to
k8s.io/apiserver/pkg/admission/plugin/initialization/initialization.go;
move k8s.io/kubernetes/pkg/kubeapiserver/admission/configuration to
k8s.io/apiserver/pkg/admission/configuration.

Kubernetes-commit: 89a0511fcb22caf23427587c026952b2a387f293
 2017-10-04 16:54:08 -07:00
p0lyn0mial 941c87ca76 moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver 
Kubernetes-commit: 475493ced69f47dd78d72ff98bf2c5853fc5ea19
 2017-09-27 22:05:34 +02:00
guangxuli 768926168b fix incorrect logic 
Kubernetes-commit: d4b41afe59736e63c0f5388256324c2583d7a659
 2017-08-29 13:16:14 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
deads2k f3aa141adb make admission tolerate object without objectmeta for errors 
Kubernetes-commit: 62272a221c5c77cbc2c3e7d0dd56f0064ac2d00c
 2017-08-29 13:13:06 +00:00
Cao Shufeng 157dcc8988 fix NamespaceLifecycle admission 
forceLiveLookupCache is designed to save recently deleted namespaces.
But currently, cluster scoped resources are also put into it.
For example, when we run:
kubectl delete clusterrole edit
The "edit" is put into forceLiveLookupCache as a deleted namespace.
This change fix the invalid action.

Kubernetes-commit: a8693b63b910d02397eb4a27873cd7da08242a14
 2017-07-28 13:56:11 +00:00
Jordan Liggitt 4c5bbed295 Never prevent deletion of resources as part of namespace lifecycle 
Kubernetes-commit: 95bf4983dec5909c536d6d602b4cf7a9b5c78c99
 2017-07-19 03:49:08 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
p0lyn0mial 42d367c84c register all generic admission plugins when AdmissionOptions are created. 
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*

move registration to AdmissionOptions

Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
 2017-06-13 20:47:29 +00:00
p0lyn0mial d3a026ac63 move namespace lifecycle plugin to apiserver 
Kubernetes-commit: 1a5da9afc804eed6630caa1a17540d1a171b211a
 2017-06-13 20:47:29 +00:00
deads2k 283dd09ef7 tighten and simplify owners in some staging repos 
Kubernetes-commit: e7871dbab26459163fd916b83563c4815c7ca43c
 2017-06-13 20:47:27 +00:00
Mike Danese 2aab760a2a autogenerated 
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
 2017-04-15 20:35:23 +00:00
Dr. Stefan Schimanski 320e34b1d9 pkg/admission: make plugin registry non-global 
Kubernetes-commit: 63f547e1b15ed94ef91c69a7e294b3506bd8c918
 2017-04-12 20:35:22 +00:00
p0lyn0mial d711b4901e Admission plugin initializer for the generic API server. 
This PR implements a standard admission plugin initializer for the generic API server.
The initializer accepts external clientset, external informers and the authorizer.

Kubernetes-commit: 86e06e2401c3f8d5fc5217858612dcf5db39f27d
 2017-03-31 20:37:15 +00:00
deads2k 1227857843 move admission read logic 2017-02-13 07:36:41 -05:00
deads2k 0243c13f2a move admission to genericapiserver 2017-01-19 10:27:27 -05:00