kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,114 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

390 Commits

Author SHA1 Message Date
Slava Semushin e2bc8e4617 Introduce kubeapiserver.config.k8s.io/v1 with EncryptionConfiguration and use a standard method for parsing config file. 
Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>

Kubernetes-commit: c21cb548e6c7d4ab019fce8a35c9b99c035c2071
 2018-05-02 18:21:38 +02:00
WanLinghao f78d7e624c fix a description error in DynamicAuditing feature 
Kubernetes-commit: 84aa00c03df00eade6615ca009fa9b2943a98b8c
 2018-11-17 01:49:02 +08:00
Haowei Cai 3c9d1f5b21 Apiextensions-apiserver aggregates CRD schemas 
efficiently without checking conflicts, and wire up CRD discovery
controller to serve OpenAPI spec.

Kubernetes-commit: 3222a7033cf9128b76c0677887f4e383821d0475
 2018-11-15 11:02:11 -08:00
Dr. Stefan Schimanski bb8c155568 apiserver: preserve stack trace in handler panic beyond timeout handler 
Kubernetes-commit: 96fd0482f41ff34ef7d9b7de07ded38152a35141
 2018-11-15 09:56:49 +01:00
Dr. Stefan Schimanski 0837aa9e3a apiserver: in timeout_test separate out handler 
Kubernetes-commit: e43e5e2e4547c7cfb50190d67556352ef0aee9e8
 2018-11-15 09:26:02 +01:00
jennybuckley 7cc3f112fb Build OpenAPI Definitions per group instead of per resource 
Kubernetes-commit: 758e8623e9b08065f053bedf4474626696b6346c
 2018-11-14 12:50:02 -08:00
Patrick Barker 9fd62b6f47 adds dynamic audit configuration 
Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380
 2018-10-18 21:34:17 -05:00
Han Kang f61020971c add ability to exclude health checks from failing healthz by passing in a query param 
Kubernetes-commit: f1f1bc83fd07450a191ecf94b945f1b772d1dc7c
 2018-11-12 16:17:36 -08:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Han Kang 85a1725c91 fix healthz checkerNames test so that it tests against the expected output 
Kubernetes-commit: 0623f630ab37ad75961bf836195e190e6bcf560e
 2018-11-07 09:26:11 -08:00
tanshanshan 631dda550e kube-scheduler: enable secure ports 10259 
Kubernetes-commit: cb95edafe8bf4f294beb53d0a7bc04d62584577c
 2018-09-05 16:42:16 +08:00
Davanum Srinivas 032ec9d79b Switch to sigs.k8s.io/yaml from ghodss/yaml 
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31

Kubernetes-commit: 43f523d405b012fa8d90dd95b667f520e036f6bc
 2018-11-02 16:41:57 -04:00
David Eads 257a06e88a add With method for allowed URL options on delegated authorization 
Kubernetes-commit: 77b56ec9e36dd721c341ce838d608e8af10ce51f
 2018-11-06 10:44:29 -05:00
Jordan Liggitt 136e478e9f encryption-at-rest approvers/reviewers 
Kubernetes-commit: 666c93a8343029a499ea64de8a6d09596097ccb3
 2018-11-02 17:38:17 -04:00
David Eads 83c8e657ed allow delegated authorization to have privileged groups 
Kubernetes-commit: 0b70b7a7c975589f7019e5017c334cf0ee6b819f
 2018-11-05 16:23:20 -05:00
Chao Wang f8fa426bd3 Use `audit.k8s.io/v1` as default value of option --audit-webhook-version and --audit-log-version in release 1.13 
Kubernetes-commit: 9671a035f7e7308ac804b4637af19bac2ecce0f4
 2018-10-31 17:22:37 +08:00
Mike Danese 1692373df9 move audience context functions to authenticator package 
Kubernetes-commit: 817cf70191b73d1ee9f4e7af83089e5854e5131d
 2018-10-31 14:50:11 -07:00
Jordan Liggitt 22df332aff Allow components to generate certificates in-memory 
Kubernetes-commit: b7160d4ee2073f06293d7c3b20acdf4620fadf61
 2018-10-16 17:22:13 -04:00
Mike Danese 7c1e7ec029 echo audiences in anonymous and insecure authenticators 
part of https://github.com/kubernetes/kubernetes/issues/69893

Kubernetes-commit: f94bc6193e1e299b1cb258b59504fab81cf8da1c
 2018-10-26 15:29:55 -07:00
Ibrahim AshShohail 47845b88c3 Update usages of http.ResponseWriter.WriteHeader to use http.Error 
Signed-off-by: Ibrahim AshShohail <me@ibrasho.com>

Kubernetes-commit: 2fb3ba71f196031e9b36095d64c921cacc54f44e
 2018-10-08 22:20:52 +03:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface. 
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
 2018-10-15 15:17:36 -07:00
Jordan Liggitt c7c9a358c2 etcd2 code cleanup, remove deserialization cache 
Kubernetes-commit: c8db31b84adc40aa875917fbca27b2a787902088
 2018-10-15 22:17:44 -04:00
Mike Danese 37ab80320b tokenreview: add APIAudiences config to generic API server and augment context 
Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde
 2018-10-09 22:04:52 -07:00
Eric Chiang 13ab2dca08 Remove ericchiang from OWNERS files 
Kept myself in the OpenID Connect ones for now.

Kubernetes-commit: 766f5875bfa0d8ce4d52cdb87d12faea527e1492
 2018-10-11 18:11:15 -07:00
Jordan Liggitt bd604a62aa Remove deprecated --etcd-quorum-read flag 
Kubernetes-commit: cff79c542130831f4a212099974570244a0c9586
 2018-10-08 11:04:28 -04:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Zhenguo Niu fbe89f5f9b Remove useless named return value 
This cleans up the useless named return value stopCh at
SetupSignalHandler().

Kubernetes-commit: 2e560e797e22c44ac628581486d847c2d5bdbd59
 2018-08-02 19:28:17 +08:00
Solly Ross 41e5031224 Populate ClientCA in delegating auth setup 
kubernetes/kubernetes#67768 accidentally removed population of the the ClientCA
in the delegating auth setup code.  This restores it.

Kubernetes-commit: 65cea86e4413cb5899c3b89bda375bb326de5093
 2018-10-04 12:48:18 -04:00
Jordan Liggitt 3b6fc08803 Remove etcd2 storage backend 
Kubernetes-commit: 85ae79500fba7d6e51292b12daff829027b59872
 2018-10-01 16:48:14 -04:00
immutablet e9bce895cf Lazily dial kms-plugin. 
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
 2018-09-12 14:56:44 -07:00
Dr. Stefan Schimanski 1a58e1c6ad apiserver: make InClusterConfig errs for delegated authn/z non-fatal 
Kubernetes-commit: 04e793e65ad70df5c4ab280c42740864e54163cd
 2018-09-05 09:12:19 +02:00
Dr. Stefan Schimanski c8f47fd79c apiserver: fix misleading delegated authn/z warnings 
Kubernetes-commit: 059fce63b755ef6052db273fd6c91f3090036389
 2018-09-05 09:11:45 +02:00
Dr. Stefan Schimanski f91709c7f9 kube-controller-manager: disable authn/z on insecure port 
This is the old behaviour and we did not intent to change it due to enabled authn/z in general.
As the kube-apiserver this sets the "system:unsecured" user info.

Kubernetes-commit: 8aa0eefce8fbd801a38da46c8704f2d74996e5cd
 2018-08-30 19:20:19 +02:00
Justin Santa Barbara ecbc9eada2 Fix grammar in secure-port flag help 
The phrasing made it difficult to understand the message.

Kubernetes-commit: c0ded2d9f5beb5eb02b356076166c365073a639a
 2018-08-30 18:50:26 -04:00
Dr. Stefan Schimanski c726863192 apiserver: make not-found external-apiserver-authn configmap non-fatal 
Kubernetes-commit: 5d56e791bb932cc297de08db302540684e6f9d4c
 2018-08-24 18:30:58 +02:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Dr. Stefan Schimanski fdd6b9e860 apiserver: forward panic in WithTimeout filter 
Kubernetes-commit: eec1b521117aa7271be3a3f0919c88caf5b73c54
 2018-08-29 13:44:16 +02:00
Dr. Stefan Schimanski 16d4968bf9 authn/z: optionally opt-out of mandatory authn/authz kubeconfig 
Kubernetes-commit: a671d65673590f0dfcf5c2b673e1518d11510bdb
 2018-08-22 11:56:07 +02:00
Jordan Liggitt 24a0ab5db2 Size http2 buffers to allow concurrent streams 
Kubernetes-commit: 554c0d73282ce7c30f11e0f4d985a6c30cf6e418
 2018-08-27 11:46:49 -04:00
David Eads 34ff0933dd expose generic storage factory primitives 
Kubernetes-commit: 81b9213ac2cc7744b8a62ac42b269b97c1d17b5a
 2018-08-27 10:45:52 -04:00
Dr. Stefan Schimanski cfb1e16b55 apiserver: unify handling of unspecified options in authn+z 
Kubernetes-commit: 0ede948e47d33474a4e30c845d7896c58a319e39
 2018-08-21 16:42:13 +02:00
Dr. Stefan Schimanski a8bd1ddbf7 delegated authz: add AlwaysAllowPaths mechanism to exclude e.g. /healthz 
Kubernetes-commit: 6142e2f8f7c8b1c5d32a2f9aa3715ea0b5baf167
 2018-08-17 17:03:16 +02:00
hangaoshuai c27f181946 add unit test func TestServerRunOptionsValidate 
Kubernetes-commit: cdef8029d4aea52e607da4101ad44b1b4163f869
 2018-08-22 10:19:13 +08:00
hangaoshuai 7e18a5d0a6 add unit test func TestToAuthenticationRequestHeaderConfig 
Kubernetes-commit: 0da04d61ab4b70817083c8208af12397b818546a
 2018-08-22 10:18:30 +08:00
hangaoshuai 769565b214 add unit test func TestAPIEnablementOptionsValidate 
Kubernetes-commit: 73ee10495b5be414b9fae718e5129765c7c3ed19
 2018-08-22 10:17:58 +08:00
hangaoshuai c872082b0a add unit test func TestEtcdOptionsValidate and TestParseWatchCacheSizes 
Kubernetes-commit: 67a1d53bd74265637718b67c80f48a26b6e653cf
 2018-08-22 10:17:26 +08:00
Dr. Stefan Schimanski a549f2934f kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 
Kubernetes-commit: d787213d1b8802d370032d17157ac1de7573ad15
 2018-08-06 16:31:23 +02:00
Dr. Stefan Schimanski 3698d7a898 apiserver: move controller-manager's insecure config into apiserver 
Kubernetes-commit: 1d9a896066b3e10e8c1a0d506e00bc354b7772f0
 2018-08-16 20:47:15 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
xuzhonghu e767cd8dbf kube-apiserver make use of GlogSetter 
Kubernetes-commit: 38d48e8d025a9cceccfc8a80d72f751b8bb65dab
 2018-06-05 10:32:46 +08:00