apiserver

Commit Graph

Author	SHA1	Message	Date
Joe Betz	97937c66f2	Revert nested trace PR#88936 Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d	2020-07-20 09:55:05 -07:00
Joe Betz	7a467399ac	Enable nested tracing, add request filter chain tracing incl. authn/authz tracing Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20	2020-03-06 16:11:21 -08:00
Jordan Liggitt	ff5372c83d	Add warnings capability for admission webhooks Kubernetes-commit: 5eef60a00aeb18eda4238dbd8f6dc96930a6a05a	2020-06-30 16:27:56 -04:00
Jordan Liggitt	d7d5d84691	apiserver: add API server plumbing for adding warnings Kubernetes-commit: e5e557e90257d5bc69f1fabf253f87491e0868b2	2020-04-14 16:10:54 -04:00
Davanum Srinivas	5879417a28	switch over k/k to use klog v2 Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5	2020-04-17 15:25:06 -04:00
Monis Khan	1873d19869	Allow handlers early in the request chain to set audit annotations This change adds the generic ability for request handlers that run before WithAudit to set annotations in the audit.Event.Annotations map. Note that this change does not use this capability yet. Determining which handlers should set audit annotations and what keys and values should be used requires further discussion (this data will become part of our public API). Signed-off-by: Monis Khan <mok@vmware.com> Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b	2020-03-19 20:02:37 -04:00
Monis Khan	7fa523535d	Remove support for basic authentication This change removes support for basic authn in v1.19 via the --basic-auth-file flag. This functionality was deprecated in v1.16 in response to ATR-K8S-002: Non-constant time password comparison. Similar functionality is available via the --token-auth-file flag for development purposes. Signed-off-by: Monis Khan <mok@vmware.com> Kubernetes-commit: df292749c9d063b06861d0f4f1741c37b815a2fa	2020-03-11 14:31:31 -04:00
immutablet	e6ae7336e6	Factor-out metrics related logic from authentication logic. Kubernetes-commit: c0bad80e5b4bf56757e1a4999e831a5341693203	2020-01-28 15:53:25 -08:00
Mike Danese	44b9fc84ab	migrate callers to g/g/uuid Kubernetes-commit: a4ca9e6c93e45b4a97e7d04df37362299088f64a	2019-11-04 23:15:20 -08:00
RainbowMango	5f565617cd	Add metrics of authentication overall latency. Add alpha tags to authentication_attempts explicitly. Kubernetes-commit: 0c0d69e8be69fd2e1c62a292ed44be6c0d4158fc	2019-09-04 20:50:24 +08:00
Jordan Liggitt	d1d66bda16	Propagate context to Authorize() calls Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915	2019-09-24 10:06:32 -04:00
Ted Yu	a64485969d	Verify the response audience matches one of apiAuds Kubernetes-commit: d66d0472057dc59dff5ac686aea4304e5fe2eded	2019-09-13 06:41:23 -07:00
RainbowMango	a9e8b3830d	Add authentication metrics: overall failure and error count Kubernetes-commit: a7ac3b9bbe3f3e35117bd7109997e58ce467f0a9	2019-08-16 19:30:43 +08:00
David Eads	ad3b19aeee	add cache-control headers to kube-apiserver Kubernetes-commit: f589c1213c8ba4fa0e31c523b2e9dcc27298084f	2019-08-26 09:39:29 -04:00
Han Kang	3e6e1db500	add some documentation around the metrics stability migration changes for clarity Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5	2019-08-26 19:15:30 -07:00
Han Kang	b9084e350a	migrate kube-apiserver metrics to stability framework Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123	2019-08-22 15:38:42 -07:00
Jordan Liggitt	fd78427347	Populate API version in synthetic authorization requests Kubernetes-commit: 2899abb65cf459d6ab1d61f24fe82555f87a306f	2019-07-10 21:29:25 -04:00
Clayton Coleman	e4e8608ba0	Use CodecFactory.WithoutConversion() everywhere Clarifies that requesting no conversion is part of the codec factory, and future refactors will make the codec factory less opionated about conversion. Kubernetes-commit: 7f9dfe58f4cbe1e1b9e80f52addff70bac87bed4	2019-04-03 13:24:37 -04:00
Justin SB	bf98046128	Remove executable file permission from OWNERS files Kubernetes-commit: dd19b923b7c26420af39fcf4eedfa213b236c8d3	2019-01-03 12:18:20 -05:00
Roy Lenferink	4c9524b9fb	Updated OWNERS files to include link to docs Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f	2019-01-30 20:05:00 +01:00
Daniel Kłobuszewski	877329b0f3	Add option to k8s apiserver to reject incoming requests upon audit failure Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f	2018-07-03 14:40:55 +02:00
Davanum Srinivas	2710b17b80	Move from glog to klog - Move from the old github.com/golang/glog to k8s.io/klog - klog as explicit InitFlags() so we add them as necessary - we update the other repositories that we vendor that made a similar change from glog to klog * github.com/kubernetes/repo-infra * k8s.io/gengo/ * k8s.io/kube-openapi/ * github.com/google/cadvisor - Entirely remove all references to glog - Fix some tests by explicit InitFlags in their init() methods Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135 Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c	2018-11-09 13:49:10 -05:00
Mike Danese	1692373df9	move audience context functions to authenticator package Kubernetes-commit: 817cf70191b73d1ee9f4e7af83089e5854e5131d	2018-10-31 14:50:11 -07:00
Samuel Davidson	d8ee4bc0cb	Revert "limit forbidden error to details of what was forbidden" This reverts commit ecbd0137957b4afd4cdd94c0209998228fd70e99. Kubernetes-commit: 294e02ed4b341fe9497cdfadb93cf19f1e64243f	2018-10-26 15:58:09 -07:00
Ibrahim AshShohail	47845b88c3	Update usages of http.ResponseWriter.WriteHeader to use http.Error Signed-off-by: Ibrahim AshShohail <me@ibrasho.com> Kubernetes-commit: 2fb3ba71f196031e9b36095d64c921cacc54f44e	2018-10-08 22:20:52 +03:00
Mike Danese	2ced48ac6e	rebase authenticators onto new interface. Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6	2018-10-15 15:17:36 -07:00
xichengliudui	21f232e065	Remove duplicate words Kubernetes-commit: e39448237370df37d2f77bf98cf951a19b1e5b6c	2018-10-15 15:55:49 -04:00
Mike Danese	37ab80320b	tokenreview: add APIAudiences config to generic API server and augment context Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde	2018-10-09 22:04:52 -07:00
Marian Lobur	7dbcbd39e2	Remove deprecated legacy audit logging code. Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750	2018-07-05 13:57:17 +02:00
Jordan Liggitt	3dc9519ac3	limit forbidden error to details of what was forbidden Kubernetes-commit: ecbd0137957b4afd4cdd94c0209998228fd70e99	2018-08-20 15:36:39 -04:00
Jake Sanders	41bff9cd5e	Escape illegal characters in remote extra keys Signed-off-by: Jake Sanders <jsand@google.com> Kubernetes-commit: f35e3d07c9898f8ec156209a868fa4451eb9afe2	2018-07-03 21:19:15 -07:00
Mike Danese	cd0258b4d7	replace request.Context with context.Context Kubernetes-commit: 54fd2aaefd11e12a3ecb6d1a1326f04cdc8ea1a3	2018-04-24 08:10:34 -07:00
Jordan Liggitt	25758bf0f8	Remove request context mapper Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e	2018-04-18 11:12:15 -04:00
Cao Shufeng	e8101c4ca7	Log rbac info into advanced audit event Kubernetes-commit: e87c2c9f27f7f9756a8b664d118d357b166bbd14	2018-01-22 15:19:15 +08:00
Kubernetes Publisher	627fa76a8b	sync: initially remove files BUILD /BUILD BUILD.bazel /BUILD.bazel	2018-03-15 09:38:17 +00:00
Wang Guoliang	32fe314a1e	fix some syntax related errors Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d	2018-02-11 19:50:49 +08:00
Jeff Grafton	1ab12b2dc8	Autogenerated: hack/update-bazel.sh Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e	2018-02-16 13:43:01 -08:00
halfcrazy	6f8c3a80da	fix typo in package apiserver Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81	2018-02-01 03:04:33 +08:00
WanLinghao	2eee1977e7	modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go Kubernetes-commit: 983435bdcec2aa130243108820c5c928ed2f8bf3	2018-01-31 14:21:42 +08:00
Cao Shufeng	2a2505e824	remove duplicated import Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3	2018-01-11 19:15:11 +08:00
Jeff Grafton	c8a97ee31a	Autogenerate BUILD files Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c	2017-12-23 13:06:26 -08:00
Mike Danese	06a5d25846	move authorizers over to new interface Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f	2017-09-29 14:21:40 -07:00
Jeff Grafton	f4dbe23125	update BUILD files Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116	2017-10-12 13:52:10 -07:00
Cao Shufeng	f7e881914a	support micro time for advanced audit Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d	2017-09-25 11:56:30 +08:00
Maciej Szulik	6959d4a79a	Fill in creationtimestamp in audit events Kubernetes-commit: 3dd3e7aa5243228b49211f4bb40022a719cc57ac	2017-09-09 21:44:33 +00:00
CaoShufeng	5d22e67a97	enhance unit tests of advance audit feature This change does three things: 1. use auditinternal for unit test in filter stage 2. add a seperate unit test for Audit-ID http header 3. add unit test for audit log backend Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23	2017-09-09 21:44:30 +00:00
Cao Shufeng	4905dd9b0c	Provide a way to omit Event stages in audit policy Updates https://github.com/kubernetes/kubernetes/issues/48561 This provide a way to omit some stages for each audit policy rule. For example: apiVersion: audit.k8s.io/v1beta1 kind: Policy - level: Metadata resources: - group: "rbac.authorization.k8s.io" resources: ["roles"] omitStages: - "RequestReceived" RequestReceived stage will not be emitted to audit backends with previous config. Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f	2017-09-04 14:03:48 +00:00
David Eads	9f885389e9	make url parsing in apiserver configurable Kubernetes-commit: ccc7c9bdfa80caee93953a96dec0d689d93f08e5	2017-09-04 14:03:48 +00:00
Maciej Szulik	3c2866020c	Switch audit output to v1beta1 Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b	2017-09-03 14:04:14 +00:00
Cao Shufeng	d781318aca	audit real impersonated user info Log the newest impersonated user info in the second audit event. This will help users to debug rbac problems. Kubernetes-commit: 1c3dc52531b7761921c8855cafc58b669da111f1	2017-09-03 14:04:13 +00:00

1 2

87 Commits