37ab80320b
tokenreview: add APIAudiences config to generic API server and augment context
...
Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde
2018-10-09 22:04:52 -07:00
7dbcbd39e2
Remove deprecated legacy audit logging code.
...
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
2018-07-05 13:57:17 +02:00
e767cd8dbf
kube-apiserver make use of GlogSetter
...
Kubernetes-commit: 38d48e8d025a9cceccfc8a80d72f751b8bb65dab
2018-06-05 10:32:46 +08:00
42da2694e6
Autoset OpenAPI version w/o SecurityDefinitions
...
There's code to automatically populate OpenAPI info based on existing
generic apiserver config, but it only fires if securitydefinitions are
present. This doesn't make much sense, since this info is both required
and independent of security definitions, and there's no easy, generic
way to generate security definitions for an aggregated API server.
Kubernetes-commit: ef73bb684bcc4402f66160f254193d2690b80f11
2018-07-19 17:32:40 -04:00
4c6f8fdc17
apiserver: make loopback logic in SecureServingOptions reusable
...
Kubernetes-commit: dc0a736d1ea924dfa35ece64cb59d551c2a0b51f
2018-07-04 17:08:23 +02:00
25a00cd3c1
apiserver: get rid of ReadWritePort in config
...
Kubernetes-commit: e32f380fa5df4361894570787814d0459baada93
2018-07-04 17:01:49 +02:00
6c34ac4aa5
Add healthz check to ensure logging is not blocked
...
Kubernetes-commit: b7b4b84afe4405cde976ceeeccb62acecac1c4f0
2018-06-09 17:32:14 -04:00
900791d3ac
Add additional authorization check for create-on-update
...
Kubernetes-commit: cc5c17e554a4d8f802043b337ca0787ec0ce7475
2018-07-03 11:20:16 -07:00
47a9a6d77a
fix go import
...
Kubernetes-commit: 57393ec932398b6f53c6593421bfe0b12d445518
2018-06-01 14:05:44 +08:00
f0fd6a74c2
Support dynamicly set logging verbosity
...
Kubernetes-commit: 73a22b2e611647de04aa8d7fe910fd4657e6a9d8
2018-05-14 16:19:38 +08:00
4645ab9a4c
Correctly identify types served in the kube-apiserver openapi doc
...
Kubernetes-commit: 43551e82081a1fa364879bd49e67095a3fc0926b
2018-05-22 19:29:00 -04:00
25758bf0f8
Remove request context mapper
...
Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e
2018-04-18 11:12:15 -04:00
1075399c96
apiserver: enforce shared RequestContextMapper in delegation chain
...
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
2018-04-04 10:05:06 +02:00
416f1ae672
update metrics to true like it is for kube-apiserver
...
Kubernetes-commit: 456fd386dc6db8ba5ced338a5935de8229c14047
2018-03-09 14:36:04 -05:00
aa5d4f9f32
Fixes for HTTP/2 max streams per connection setting
...
This PR makes two changes. One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection. If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).
The other change is to make the recommended options for an aggregated
api-server set this limit to 1000. The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).
Fixes #60042
Kubernetes-commit: 201c11f147c85b029665915bee3a62eea19d6d57
2018-02-19 14:18:07 -05:00
a7b5c83c7b
apiserver: fix some typos from refactor
...
introduced in #59582
Kubernetes-commit: 83c1334e5110e6f492f0e375488978ebb16a62a5
2018-02-14 17:47:42 -08:00
338a852bbb
apiserver: make SecureServingOptions and authz/n options re-usable
...
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
2018-01-31 16:17:48 +01:00
0989af6244
remove --tls-ca-file which had no effect
...
Kubernetes-commit: 114711f77d1f12e10b1190db02ca17302992f5ad
2018-01-29 10:29:14 -05:00
f5af0796fc
pass APIEnablement through apiserver chain
...
Kubernetes-commit: 2f403b7ad18a179514f1de77e29f1a2549ef030a
2017-12-21 11:27:20 +08:00
9dd28d8beb
Fix ExternalAddress parsing problem under IPv6
...
`!strings.Contains(host, ":")` will fail miserably under ipv6
Kubernetes-commit: c258d4df84089b08b9cbd37b1dee4b00576a2532
2018-01-04 14:00:04 -05:00
30e6bc192e
Drop using cloud provider to set host address feature
...
As part of the larger plan to drop --cloud-provider and --cloud-config
from kube-apiserver, we need to stop calling Cloud Provider API to
find the external ip address when one is not specified on the command
line.
When ExternalHost is not specified, we check if AdvertiseAddress is
specified and use that, if that is missing then we use os.Hostname().
When testing this feature, found a problem that when ExternalHost
is specified, the port was not added in the generated URL. So fixed
that as well.
Kubernetes-commit: 31332fa84a0928085200ba5a2e35118516ee2c48
2017-12-04 15:06:07 -05:00
170e8ac6dd
pass listener to genericapiserver
...
Kubernetes-commit: 6ba30f678c232793430a98770e7a851f1e814fd2
2017-11-16 13:32:12 +08:00
065ff42f34
gracefully shutdown apiserver after all non-long running requests finish
...
Kubernetes-commit: db4f0de28075f34bb4bfa8d821ad25cd3a7eba1f
2017-11-02 19:29:31 +08:00
eecedb2781
Revert "audit backend run shutdown gracefully after http handler finish"
...
This reverts commit f42686081bff88e44b339562c4927775f4439671.
Kubernetes-commit: f6a89df3fb719f4db565c7dade63575ccbdb3031
2017-10-30 15:26:51 +01:00
d1aa17bde6
audit backend run shutdown gracefully after http handler finish
...
Kubernetes-commit: f42686081bff88e44b339562c4927775f4439671
2017-10-20 16:26:49 +08:00
80d8099973
Added PreShutdownHooks to the apiserver
...
Kubernetes-commit: 0840e6d86925f9bfa0b9beea0e7ddf52791e8523
2017-10-12 21:20:46 -04:00
063df5c7b3
fix typos: remove duplicated word in comments
...
Kubernetes-commit: 87c29a08e1f51b2989ff15fc3e5857bc287e401f
2017-06-17 17:17:22 +08:00
f189d35f0e
removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer.
...
Kubernetes-commit: 6b1f1d14148fe3962594d8f4c9ca15d1c6171819
2017-10-03 18:08:30 +02:00
97e22b00fa
apiserver: split core API creation from secure serving
...
Kubernetes-commit: 2b64d3a0fd2ccdad4b2f21acb484a36e04381856
2017-09-09 21:44:32 +00:00
75cf96f31e
apiserver: stratify versioned informer construction
...
Kubernetes-commit: ca3f7453464f6866a3bf467c8b9d8e132484cfb4
2017-09-09 21:44:32 +00:00
e4b1b0656b
apiserver: make config completion structural recursion
...
Kubernetes-commit: 1bcea54104cb7f53e58924dd5413cf4ba7ceb587
2017-09-09 21:44:32 +00:00
9f885389e9
make url parsing in apiserver configurable
...
Kubernetes-commit: ccc7c9bdfa80caee93953a96dec0d689d93f08e5
2017-09-04 14:03:48 +00:00
eaf131e1fc
Provide whole delegate chain to kube aggregator
...
Kubernetes-commit: 7cbdb90890ac89ec15be2b21b5cbdc51e94e42d6
2017-09-04 14:03:46 +00:00
677d724b3a
Allow audit to log authorization failures
...
Kubernetes-commit: 9fef244d4ccce0ea8daf37ab86a7af4892d000cf
2017-09-03 14:04:12 +00:00
a50d8a0b4f
add selfsubjectrulesreview api
...
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
2017-09-03 14:04:10 +00:00
e1e8bebf50
Add --request-timeout to allow the global request timeout of 60 seconds to be configured.
...
Kubernetes-commit: cb764756c6f152bfb866b161315369bc47ebf13c
2017-08-29 13:18:50 +00:00
c229fe60e4
fix typo in staging/src/k8s.io/apiserver/pkg/server/config.go
...
Kubernetes-commit: 1382d2f6e8baa2342e2b117b527d4b74d3b539ee
2017-08-29 13:13:50 +00:00
e671fe20d7
Update main repo references to new kube-openapi repo
...
Kubernetes-commit: 400b77b48f972b1e10854980586559d5852088c7
2017-08-29 13:13:04 +00:00
7f0ff974d5
rate limiting should not affect system masters
...
Kubernetes-commit: 8a3b4d81e6c3a74fa1afa5fd17d3bf42ba1e856d
2017-07-28 13:56:11 +00:00
276c240fae
Fix 401/403 apiserver errors do not return 'Status' objects
...
Kubernetes-commit: 3d6479f7216dcb61e56ab6dd53fad7176930645d
2017-07-05 23:59:23 +00:00
fc0bd6b232
make the panic handler first
...
Kubernetes-commit: 9b43bd4a5b234d528ebc0fd059ae69eedced8c7f
2017-07-05 23:59:22 +00:00
b74e5942e2
add compression to GET and LIST api requests
...
this feature is gated; disabled by default
Kubernetes-commit: c305f72315a83c16c40fbbfd06b563f9e67208ff
2017-06-28 00:14:31 +00:00
10de73bc53
move CRD behind TPR
...
Kubernetes-commit: 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff
2017-06-13 20:47:29 +00:00
8ff532a4cb
Implement audit policy logic
...
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
2017-06-13 20:47:28 +00:00
ec8d130fa7
audit: wire through non-nil context everywhere
...
Kubernetes-commit: ce942d19c378ecd335e7e158e30cdc184f9d6184
2017-06-13 20:47:28 +00:00
f7d766d92d
audit: add audit event to the context and fill in handlers
...
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
2017-06-13 20:47:28 +00:00
6bd3c73150
apiserver: move LongRunningRequestCheck type into endpoints/request
...
Kubernetes-commit: c1bf6e832e2887ef6cd0e7b7fa97a168fdf474e5
2017-06-13 20:47:27 +00:00
ceeef3670c
This PR implements AdmissionOptions.ApplyTo
...
ApplyTo adds the admission chain to the server configuration the method lazily initializes a generic plugin
that is appended to the list of pluginInitializers.
apiserver.Config will hold an instance of SharedInformerFactory to ensure we only have once instance.
The field will be initialized in apisever.SecureServingOptions
Kubernetes-commit: 8cea69aa9812d6627ebdfa4f8b9c1d7624a8f3f5
2017-05-16 17:27:50 +00:00
49f3eb05d8
refactor names for the apiserver handling chain
...
Kubernetes-commit: 4389f715768661731f0aae7438b2cc8414c9746a
2017-05-12 17:30:09 +00:00
a44fceadf3
Update go-restful dependency
...
Kubernetes-commit: ea042c6ca0fc7eb8017012ca56d6879b8cf10637
2017-05-12 17:30:08 +00:00
Mike Danese
Marian Lobur
xuzhonghu
Solly Ross
Dr. Stefan Schimanski
Jordan Liggitt
jennybuckley
David Eads
Mike Spreitzer
Davanum Srinivas
Robert Rati
supereagle
p0lyn0mial
mbohlool
Maciej Szulik
xilabao
Joe Betz
huangjiuyuan
Shiyang Wang
Scott Weiss
Tim St. Clair