kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,463 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

155 Commits

Author SHA1 Message Date
hzxuzhonghu 490c9a96c3 fix typo 
Kubernetes-commit: 549fb0cad39daa74c528f7f775d627f908785b61
 2018-04-04 16:03:17 +08:00
Dr. Stefan Schimanski 1075399c96 apiserver: enforce shared RequestContextMapper in delegation chain 
Kubernetes-commit: 9f906618f04baceaf923e873530f9741e80ad2cb
 2018-04-04 10:05:06 +02:00
Dr. Stefan Schimanski 28595d407b apiserver: add warning about not trusting authz of aggregator 
Kubernetes-commit: 50b98169ede9648769ce471150b1ab9ceb06bc0c
 2018-03-19 13:37:52 +01:00
Mik Vyatskov b2b70701e1 Make advanced audit output version configurable. 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
 2018-02-19 21:15:49 +01:00
hzxuzhonghu 240b9cf032 remove unused rls-ca-file flag 
Kubernetes-commit: 9c0803e14c0d76e2e8225db546c0d2ce0b522ab7
 2018-03-20 15:26:31 +08:00
hzxuzhonghu 422369e23b move EtcdServersOverrides to EtcdOptions flags validate 
Kubernetes-commit: f380ac8cec8061bf6533ccecd02ec49d9a5b016f
 2018-03-05 11:32:59 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Mike Spreitzer aa5d4f9f32 Fixes for HTTP/2 max streams per connection setting 
This PR makes two changes.  One is to introduce a parameter
for the HTTP/2 setting that an api-server sends to its clients
telling them how many streams they may have concurrently open in
an HTTP/2 connection.  If left at its default value of zero,
this means to use the default in golang's HTTP/2 code (which
is currently 250).

The other change is to make the recommended options for an aggregated
api-server set this limit to 1000.  The limit of 250 is annoyingly low
for the use case of many controllers watching objects of Kinds served
by an aggregated api-server reached through the main api-server (in
its mode as a proxy for the aggregated api-server, in which it uses a
single HTTP/2 connection for all calls proxied to that aggregated
api-server).

Fixes #60042

Kubernetes-commit: 201c11f147c85b029665915bee3a62eea19d6d57
 2018-02-19 14:18:07 -05:00
Marek Grabowski e36f8069aa Add a metric exposing number of objects per type 
Kubernetes-commit: f6e9ebffa2df10f7792fbea0a0fbe5ab8e388a26
 2018-02-12 15:58:57 +00:00
hzxuzhonghu 45ac728887 set default enabled admission plugins by official document 
Kubernetes-commit: 27f3fd2d79d2d669ddecdd987c8b099f1f43ce38
 2018-01-23 20:12:10 +08:00
steveperry-53 2aca9afa1d sync: squashed up to merge cc7cea74ae668cd401d99cc472569605cb640517 in b3099bcf532bc470ff7075e93025b8741da09be4 2018-02-27 01:30:07 +00:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
David Eads bf5feefec3 add an admission decorator chain 
Kubernetes-commit: 1ae856484b8a827b7ce6018ddfa103493a2cb97d
 2018-02-14 09:27:25 -05:00
Dr. Stefan Schimanski 89b7bf377a Update generated files 
Kubernetes-commit: 5483ab7679dd055422131fd1c22a18eee39a775e
 2018-02-08 19:37:08 +01:00
Dr. Stefan Schimanski 0520d284e2 controller-manager: add authz/n to options, nil by default 
Kubernetes-commit: cecd663c21d139a3a5a15b43a8dda8de26180246
 2018-02-08 14:19:02 +01:00
Dr. Stefan Schimanski 338a852bbb apiserver: make SecureServingOptions and authz/n options re-usable 
Kubernetes-commit: 4e0114b0dd3701b68c02d038edcf4fbe84515a68
 2018-01-31 16:17:48 +01:00
hzxuzhonghu 808a483472 pass listener in integration test to prevent port in use flake 
Kubernetes-commit: a6c43c6a5ca7cc4449684d5e68d73773be91cd41
 2018-01-29 11:58:23 +08:00
Wu Qiang 43cefec1d0 Update endpoint value in test code 
Kubernetes-commit: 31f74303fc48df5d88105c9742a103eae742f478
 2018-02-09 01:23:25 +00:00
Wu Qiang be4ee1ba37 Remove configfile for kms in encryption config 
Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d
 2018-01-26 11:53:24 +00:00
Wu Qiang a32d2bb427 Update for review comments 
Kubernetes-commit: 2e7af38d6b4c8ed9e1fb23930b98ed8d2ad68aa0
 2018-01-25 05:39:48 +00:00
Wu Qiang 580a800cad Only support unix socket for kms gRPC, also add Version method 
Kubernetes-commit: a6368bb04c1100d1dce1c6bf680056882835b395
 2017-12-18 09:29:56 +00:00
Wu Qiang e4061faec3 Fix verify error and address review comments 
Signed-off-by: Wu Qiang <qiang.q.wu@oracle.com>

Kubernetes-commit: 16b04d68b1ae180d61ea4ca06d1c8139c25a652f
 2017-11-15 11:20:12 +08:00
Wu Qiang dbe35e5c4e Update kms provider config for gRPC client service 
Kubernetes-commit: 31fb539f1735debd38e705fcb96a05ea0313c5f5
 2017-11-14 09:05:52 +00:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
hzxuzhonghu 9e657b874d deprecate insecure http flags and remove already deprecated public-address-override 
Kubernetes-commit: 24c687fdad009fec01703ae0f93ab141b97c0028
 2018-01-30 16:05:33 +08:00
David Eads 0989af6244 remove --tls-ca-file which had no effect 
Kubernetes-commit: 114711f77d1f12e10b1190db02ca17302992f5ad
 2018-01-29 10:29:14 -05:00
David Eads b16b687dc5 generated 
Kubernetes-commit: 4ce7bcced4cc68a833759a218f9c3be7f72fd1c0
 2018-01-19 11:55:55 -05:00
David Eads 6b198535d6 add options for min tls levels 
Kubernetes-commit: ad1680347071cb5bb66ab49c7325eb21d83e143c
 2018-01-19 11:50:47 -05:00
hzxuzhonghu 7eedbab968 run update bazel and staging-godep 
Kubernetes-commit: eff1f20ff14cc450968788974d77b472c82fface
 2018-01-20 17:21:44 +08:00
hzxuzhonghu f5af0796fc pass APIEnablement through apiserver chain 
Kubernetes-commit: 2f403b7ad18a179514f1de77e29f1a2549ef030a
 2017-12-21 11:27:20 +08:00
hzxuzhonghu 215ca01104 run update bazel 
Kubernetes-commit: 5c9e020d7dfb369d3cdfb765baa3dff922d8e83d
 2018-01-13 18:09:47 +08:00
hzxuzhonghu d395a1e811 update admission test cases 
Kubernetes-commit: 82c3d2492cb43f9f81e8a18e1dce2e8ab7e4e56a
 2018-01-15 14:58:09 +08:00
hzxuzhonghu b636311708 refactor admission flag: add two admission flags and make plugins auto in recommended order 
Kubernetes-commit: 7c5f9e0bbaff15570f1709e70b7fa6952395d7cd
 2018-01-15 14:58:57 +08:00
Jordan Liggitt e090ce7de2 Fix loading structured admission plugin config 
Kubernetes-commit: 34328ea87dc9ac61bd036228102c952017cb81d0
 2018-01-18 02:32:28 -05:00
Victor Garcia 08a8cccb0a Adding support for custom TLS ciphers in api server and kubelet 
Kubernetes-commit: d7dbc96c70d480f0b81cd83ae3abd34b69c1e70d
 2017-07-12 23:49:41 -07:00
Dr. Stefan Schimanski 574b95f04b admission: do not leak admission config types outside of the plugins 
Kubernetes-commit: 1a552bbe149373c056ee004304d7e5abaa89f4c6
 2017-11-27 14:44:04 +01:00
Yu Liao 3365692578 sync: squashed up to merge eb7be2699bcbecb2703d3c046b27c2a8e8b1b6dd in 188e6ebcdbcfd0617dc12e51e8e6a66ce89f3955 2018-01-13 19:39:22 +00:00
Dr. Stefan Schimanski 551699fb67 Pass RecommendedConfig into ExtraAdmissionInitializers 
Kubernetes-commit: 5a3cfd27ed818b971f36032d85e2de2db586a4e5
 2018-01-02 09:32:04 +01:00
Dr. Stefan Schimanski 73975eaf19 Simplify extra initializer logic 
Kubernetes-commit: a8127df3bb396717b4fb2a7f688c1f98e6bef6b4
 2017-12-20 12:17:44 +01:00
xuzhonghu 82b64e7264 add admission into RecommendedOption 
Kubernetes-commit: 6149df089e2667fefb740e408ece883fd76dd40e
 2017-12-01 11:07:28 +08:00
hzxuzhonghu 0f7253ee99 validate admission-control param 
Kubernetes-commit: 64a7c60e00a1f6cf92710415e0e3dee133ebab7c
 2017-11-30 14:34:36 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Saksham Sharma 0d11a9c252 Use []byte in place of string in envelope.Service. 
Kubernetes-commit: 5005a541d6b5b7d950ed621d9c9fd247abb9b4af
 2017-11-07 04:24:53 +05:30
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Chao Xu 53b8960359 move the MutatingAdmissionWebhook to the last in the mutating amdission 
plugin chain.

Kubernetes-commit: 8e8e32fa05f02331f724930933dfa34be995247c
 2017-11-17 14:16:37 -08:00
Kubernetes Submit Queue e16244b0bc Merge pull request #55812 from deads2k/admission-17-external 
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make versioned types for webhook admission config

Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414.

@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised.  fyi.

```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
  configuration:
    kind: WebhookAdmission
    apiVersion: apiserver.config.k8s.io/v1alpha1
    kubeConfigFile: /path/to/my/file
```

`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`

Kubernetes-commit: 25ebf875b4235cb8f43be2aec699d62e78339cec
 2017-12-07 04:34:43 +00:00
hzxuzhonghu 170e8ac6dd pass listener to genericapiserver 
Kubernetes-commit: 6ba30f678c232793430a98770e7a851f1e814fd2
 2017-11-16 13:32:12 +08:00