Commit Graph

371 Commits

Author SHA1 Message Date
Ibrahim AshShohail 47845b88c3 Update usages of http.ResponseWriter.WriteHeader to use http.Error
Signed-off-by: Ibrahim AshShohail <me@ibrasho.com>

Kubernetes-commit: 2fb3ba71f196031e9b36095d64c921cacc54f44e
2018-10-08 22:20:52 +03:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface.
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
2018-10-15 15:17:36 -07:00
Jordan Liggitt c7c9a358c2 etcd2 code cleanup, remove deserialization cache
Kubernetes-commit: c8db31b84adc40aa875917fbca27b2a787902088
2018-10-15 22:17:44 -04:00
Mike Danese 37ab80320b tokenreview: add APIAudiences config to generic API server and augment context
Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde
2018-10-09 22:04:52 -07:00
Eric Chiang 13ab2dca08 Remove ericchiang from OWNERS files
Kept myself in the OpenID Connect ones for now.

Kubernetes-commit: 766f5875bfa0d8ce4d52cdb87d12faea527e1492
2018-10-11 18:11:15 -07:00
Jordan Liggitt bd604a62aa Remove deprecated --etcd-quorum-read flag
Kubernetes-commit: cff79c542130831f4a212099974570244a0c9586
2018-10-08 11:04:28 -04:00
Christoph Blecker 92e87e143a Update gofmt for go1.11
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
2018-10-05 12:59:38 -07:00
Zhenguo Niu fbe89f5f9b Remove useless named return value
This cleans up the useless named return value stopCh at
SetupSignalHandler().

Kubernetes-commit: 2e560e797e22c44ac628581486d847c2d5bdbd59
2018-08-02 19:28:17 +08:00
Solly Ross 41e5031224 Populate ClientCA in delegating auth setup
kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.

Kubernetes-commit: 65cea86e4413cb5899c3b89bda375bb326de5093
2018-10-04 12:48:18 -04:00
Jordan Liggitt 3b6fc08803 Remove etcd2 storage backend
Kubernetes-commit: 85ae79500fba7d6e51292b12daff829027b59872
2018-10-01 16:48:14 -04:00
immutablet e9bce895cf Lazily dial kms-plugin.
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
2018-09-12 14:56:44 -07:00
Dr. Stefan Schimanski 1a58e1c6ad apiserver: make InClusterConfig errs for delegated authn/z non-fatal
Kubernetes-commit: 04e793e65ad70df5c4ab280c42740864e54163cd
2018-09-05 09:12:19 +02:00
Dr. Stefan Schimanski c8f47fd79c apiserver: fix misleading delegated authn/z warnings
Kubernetes-commit: 059fce63b755ef6052db273fd6c91f3090036389
2018-09-05 09:11:45 +02:00
Dr. Stefan Schimanski f91709c7f9 kube-controller-manager: disable authn/z on insecure port
This is the old behaviour and we did not intent to change it due to enabled authn/z in general.
As the kube-apiserver this sets the "system:unsecured" user info.

Kubernetes-commit: 8aa0eefce8fbd801a38da46c8704f2d74996e5cd
2018-08-30 19:20:19 +02:00
Justin Santa Barbara ecbc9eada2 Fix grammar in secure-port flag help
The phrasing made it difficult to understand the message.

Kubernetes-commit: c0ded2d9f5beb5eb02b356076166c365073a639a
2018-08-30 18:50:26 -04:00
Dr. Stefan Schimanski c726863192 apiserver: make not-found external-apiserver-authn configmap non-fatal
Kubernetes-commit: 5d56e791bb932cc297de08db302540684e6f9d4c
2018-08-24 18:30:58 +02:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code.
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
2018-07-05 13:57:17 +02:00
Dr. Stefan Schimanski fdd6b9e860 apiserver: forward panic in WithTimeout filter
Kubernetes-commit: eec1b521117aa7271be3a3f0919c88caf5b73c54
2018-08-29 13:44:16 +02:00
Dr. Stefan Schimanski 16d4968bf9 authn/z: optionally opt-out of mandatory authn/authz kubeconfig
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
2018-08-22 11:56:07 +02:00
Jordan Liggitt 24a0ab5db2 Size http2 buffers to allow concurrent streams
Kubernetes-commit: 554c0d73282ce7c30f11e0f4d985a6c30cf6e418
2018-08-27 11:46:49 -04:00
David Eads 34ff0933dd expose generic storage factory primitives
Kubernetes-commit: 81b9213ac2cc7744b8a62ac42b269b97c1d17b5a
2018-08-27 10:45:52 -04:00
Dr. Stefan Schimanski cfb1e16b55 apiserver: unify handling of unspecified options in authn+z
Kubernetes-commit: 0ede948e47d33474a4e30c845d7896c58a319e39
2018-08-21 16:42:13 +02:00
Dr. Stefan Schimanski a8bd1ddbf7 delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz
Kubernetes-commit: 6142e2f8f7c8b1c5d32a2f9aa3715ea0b5baf167
2018-08-17 17:03:16 +02:00
hangaoshuai c27f181946 add unit test func TestServerRunOptionsValidate
Kubernetes-commit: cdef8029d4aea52e607da4101ad44b1b4163f869
2018-08-22 10:19:13 +08:00
hangaoshuai 7e18a5d0a6 add unit test func TestToAuthenticationRequestHeaderConfig
Kubernetes-commit: 0da04d61ab4b70817083c8208af12397b818546a
2018-08-22 10:18:30 +08:00
hangaoshuai 769565b214 add unit test func TestAPIEnablementOptionsValidate
Kubernetes-commit: 73ee10495b5be414b9fae718e5129765c7c3ed19
2018-08-22 10:17:58 +08:00
hangaoshuai c872082b0a add unit test func TestEtcdOptionsValidate and TestParseWatchCacheSizes
Kubernetes-commit: 67a1d53bd74265637718b67c80f48a26b6e653cf
2018-08-22 10:17:26 +08:00
Dr. Stefan Schimanski a549f2934f kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions
Kubernetes-commit: d787213d1b8802d370032d17157ac1de7573ad15
2018-08-06 16:31:23 +02:00
Dr. Stefan Schimanski 3698d7a898 apiserver: move controller-manager's insecure config into apiserver
Kubernetes-commit: 1d9a896066b3e10e8c1a0d506e00bc354b7772f0
2018-08-16 20:47:15 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
2018-03-15 00:44:46 -07:00
xuzhonghu e767cd8dbf kube-apiserver make use of GlogSetter
Kubernetes-commit: 38d48e8d025a9cceccfc8a80d72f751b8bb65dab
2018-06-05 10:32:46 +08:00
fqsghostcloud 0fc525d3c8 fix typo
fix typo

Kubernetes-commit: 18f1ad7dc5392cb4537fa33bd73cdb8dc2c1e523
2018-08-13 17:36:15 +08:00
Chao Wang b0b043eda2 list the default enabled admission plugins
Kubernetes-commit: ee96a5638d21f0da111b1106a82976cc59bbbf67
2018-08-06 17:25:24 +08:00
Tripathi 4e7be504bf Support pulling requestheader CA from extension-apiserver-authentication ConfigMap without client CA
This commit prevents extension API server from erroring out during bootstrap when the core
API server doesn't support certificate based authentication for it's clients i.e. client-ca isn't
present in extension-apiserver-authentication ConfigMap in kube-system.

This can happen in cluster setups where core API server uses Webhook token authentication.

Fixes: https://github.com/kubernetes/kubernetes/issues/65724

Kubernetes-commit: db828a44406efe09e2db91e6dc88d1292c9a29e1
2018-07-18 15:07:09 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
2018-07-27 14:06:29 +08:00
hongjian.sun 300db50c66 fix apiserver pprof redirect bug
Kubernetes-commit: 981f2397815248e12663b01d6cc6d6d963012c95
2018-08-06 19:35:01 +08:00
Solly Ross 42da2694e6 Autoset OpenAPI version w/o SecurityDefinitions
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present.  This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.

Kubernetes-commit: ef73bb684bcc4402f66160f254193d2690b80f11
2018-07-19 17:32:40 -04:00
Mikhail Mazurskiy 0ba502e8f9 Handle errors
Kubernetes-commit: 5cab7f9a57dbbd6e2a181018aae523235843f77d
2018-07-17 20:29:55 +10:00
Dr. Stefan Schimanski 4c6f8fdc17 apiserver: make loopback logic in SecureServingOptions reusable
Kubernetes-commit: dc0a736d1ea924dfa35ece64cb59d551c2a0b51f
2018-07-04 17:08:23 +02:00
Dr. Stefan Schimanski 55957fdc66 apiserver: add SecureServingOptions.ExternalAddress
Before this the advertised IP (which shows up in the server cert) in case of
listening to loopback was the first host interface IP. This makes self-signed
certs non-constant, such that we cannot use fixtures.

Kubernetes-commit: c1c564fd4d21dd68ea14d7ea678d8619f47fe445
2018-07-06 12:32:01 +02:00
Dr. Stefan Schimanski fa6b67b429 apiserver: use fixtures for self-signed certs in test server
Kubernetes-commit: 7deccb5b7a7c5224d3d90e1391dd22b2d1f1b9b9
2018-07-06 12:04:38 +02:00
Clayton Coleman 9cfed8df8c Convert TestServerRunWithSNI to subtests to isolate flake
This test is flaking - make it easier to pin down where and why by
converting to subtests and making cleanup logic easier. Also turn an
ignored listen error into a "fatal".

Make the test run in parallel to speed up individual runs and hopefully
flush out issues.

Kubernetes-commit: 09463975c379114ef9cd42d3c7efb6254b2c3b33
2018-07-09 21:32:15 -04:00
Dr. Stefan Schimanski 9fb7dcda85 kube-apiserver: fix tests which don't use tls yet
Kubernetes-commit: 6bb3aba23dfbfd8b145a33e9d1a461658bd60fc0
2018-07-06 19:20:45 +02:00
Dr. Stefan Schimanski ad29bd83ae kube-apiserver: disallow --secure-port 0
Kubernetes-commit: e15ac9eb72c4e105e7a3d84711e5a6056c0f6a48
2018-07-06 12:58:59 +02:00
Dr. Stefan Schimanski 25a00cd3c1 apiserver: get rid of ReadWritePort in config
Kubernetes-commit: e32f380fa5df4361894570787814d0459baada93
2018-07-04 17:01:49 +02:00
Dr. Stefan Schimanski a2bfc0e5f0 apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration bootstrapping
In analogy to kube-apiserver.

Kubernetes-commit: 42f1e81488d8599c6874e467fe39b91a23654886
2018-06-13 15:53:41 +02:00
Dr. Stefan Schimanski 5746122767 apiserver: don't create self-signed certs with disabled secure serving
Kubernetes-commit: 798535164ae11a7e3c036ed7793aa884942edc88
2018-07-04 19:09:26 +02:00
xuzhonghu ea67b81061 use request.UserAgent()
Kubernetes-commit: 82003bd9acfd15011a205d938f622d9a9efcaf31
2018-07-03 16:56:15 +08:00
Jordan Liggitt 6c34ac4aa5 Add healthz check to ensure logging is not blocked
Kubernetes-commit: b7b4b84afe4405cde976ceeeccb62acecac1c4f0
2018-06-09 17:32:14 -04:00
jennybuckley 900791d3ac Add additional authorization check for create-on-update
Kubernetes-commit: cc5c17e554a4d8f802043b337ca0787ec0ce7475
2018-07-03 11:20:16 -07:00