f1057d62fb
Merge pull request #78541 from deads2k/timeout
...
choose a more unique request timeout default
Kubernetes-commit: eb2deb66e5220323eac8030cfa923666939ffc61
2019-10-17 07:01:20 +00:00
b4be7f41c9
Merge pull request #83970 from jpbetz/bbolt-v1.3.3
...
Bump bbolt to v1.3.3
Kubernetes-commit: 5f43502060552d66a46fedf0997d699026d3593c
2019-10-16 23:09:42 +00:00
e7b9276b8c
Merge pull request #83796 from enj/enj/i/token_cache_memory_limit
...
Hash keys used in cached token authenticator
Kubernetes-commit: ccf5f7ba36c6ad296c4b0f59f1ed8ed73696fc97
2019-10-15 23:05:59 -07:00
25accf5baf
Bump bbolt to v1.3.3
...
Kubernetes-commit: 1db282bb3e2a92a704b5a2266b9515b5e73e9c6a
2019-10-15 13:38:16 -07:00
c2289feb1e
Hash keys used in cached token authenticator
...
It is possible to configure the token cache to cache failures. We
allow 1 MB of headers per request, meaning a malicious actor could
cause the cache to use a large amount of memory by filling it with
large invalid tokens. This change hashes the token before using it
as a key. Measures have been taken to prevent precomputation
attacks. SHA 256 is used as the hash to prevent collisions.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: 9a547bca8e6e15273bfafd3496aa6524fd7d35bd
2019-10-11 15:21:34 -04:00
0d1aa698ce
Merge pull request #83858 from mrbobbytables/update-apiserver-owners
...
Prune inactive reviewers from staging/src/k8s.io/apiserver/* OWNERS files.
Kubernetes-commit: 34db57b0071aa62f546020ad4d7cb603196dd0d7
2019-10-14 19:00:47 +00:00
28bb4eaefb
Merge pull request #83678 from RainbowMango/pr_remove_prometheus_reference_from_storage
...
Remove prometheus reference from storage
Kubernetes-commit: f7992c7a214cc9ffbf43a4d340c1c3e913f667e3
2019-10-14 15:00:45 +00:00
01b17215e9
Prune inactive owners from staging/src/k8s.io/apiserver/* OWNERS files.
...
Kubernetes-commit: 20285dd4608d4dbe7c86a4997c8975bfbf6d1b1c
2019-10-12 19:35:18 -04:00
92ea37b476
Deal with auto-generated files.
...
- Update bazel by hack/update-bazel.sh
- Update vendor by hack/update-vendor.sh
Kubernetes-commit: 6764bf394856a0d0979131bf985ce73cec4da72a
2019-10-09 22:01:46 +08:00
dfdab3a0c8
Remove direct reference to prometheus from apiserver/pkg/storage/value.
...
Kubernetes-commit: 78d0f1827acfb8400d6e1622d55bdfed64b047ed
2019-10-09 21:58:51 +08:00
357923dfd1
Merge pull request #83801 from jpbetz/etcd-3_3_17_client
...
Upgrade to etcd client 3.3.17
Kubernetes-commit: 5e2650883af75cfb09eb4a65b4fb0e7d867a104f
2019-10-14 07:20:02 +00:00
ec095274d0
Merge pull request #83459 from deads2k/cert-reload-subject
...
dynamic delegated authn header reload
Kubernetes-commit: 527f6e1b4e99efbc9774ffb33487ecd3b8cb666a
2019-10-14 07:20:00 +00:00
934c73955b
Merge pull request #83785 from yastij/bump-utils-rangesize
...
bump k8s.io/utils to pickup bug fix for rangesize func
Kubernetes-commit: 677903edc6cfe1fb045a55b0734ee05ce8c3d03c
2019-10-14 07:19:59 +00:00
87e106d504
Merge pull request #83610 from SataQiu/metrics-apiserver-20191008
...
Eliminate direct references to prometheus from apiserver admission
Kubernetes-commit: 30603a8b58e1d14a7a1c1a62ca10f984d15bc083
2019-10-14 07:19:57 +00:00
1613cc8dee
Merge pull request #83763 from jpbetz/revert-3316
...
Revert #83735 : Update etcd client to 3.3.16
Kubernetes-commit: faad5d52bcefa903a0adf4b1dea9a9413944ca33
2019-10-14 07:19:56 +00:00
5ebe913d25
Upgrade to etcd 3.3.17
...
Kubernetes-commit: 41e03d26d56e2d5070b532fd28e68d10b88e15bb
2019-10-11 13:28:41 -07:00
43f5144852
bump k8s.io/utils to pickup bug fix for rangesize
...
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
Kubernetes-commit: 5d49cbd3cae68d7aafdeac7f2ca08208118f09ad
2019-10-11 16:45:21 +02:00
3839aee69d
Revert #83735 : Update etcd client to 3.3.16
...
Kubernetes-commit: 2a4217340ec2ee72ef2e8ea1ee87826609ca94f4
2019-10-11 00:17:00 -07:00
93d2a18bde
Merge pull request #83237 from jfbai/feat-add-agent-and-remote
...
feat(apiserver): add user-agent and remote info into trace log for endpoints handlers.
Kubernetes-commit: 103a5f92d6e40630c9c7bf043f3df1a0b7958dc0
2019-10-14 07:19:54 +00:00
b779900277
Merge pull request #83735 from jpbetz/etcd3316-client
...
Update etcd client to 3.3.16
Kubernetes-commit: 8f968c41d29c9fb2a322825b0e2c19ed7e589966
2019-10-14 07:19:52 +00:00
b803d9d0d3
Merge pull request #83583 from wojtek-t/improve_negotiate_media_type
...
Improve negotiate media type
Kubernetes-commit: 09b4787126240489081502e553c466e85a3bd51f
2019-10-10 20:09:05 +00:00
6354df54c0
Update etcd client to 3.3.16
...
Kubernetes-commit: ad6aeecf30354ce9cd14de63afd444e1a845f418
2019-10-10 07:49:36 -07:00
a5b9ca7482
feat(apiserver): add user-agent and remote info into trace log for endpoints handlers.
...
Kubernetes-commit: 91bddd13485082892be8e8e471e358be317c4e9b
2019-10-10 21:30:05 +08:00
a9bd356af6
Merge pull request #80883 from liggitt/admission-v1
...
Switch admission webhook config manager to v1
Kubernetes-commit: 3edbc6afff17ea8dfe5c10b2677dcdc8767f67e2
2019-10-10 12:01:41 +00:00
5f538bd5e3
Optimize NegotiateMediaTypeOptions
...
Kubernetes-commit: 1baf4778ae130dc9c305736216b5f5024a962595
2019-10-10 11:49:31 +02:00
fba1140b91
Update munnerz/goautoneg dependency
...
Kubernetes-commit: 053721d9d5bd7209a8c9d63eca9eea763ec7f391
2019-10-10 10:50:41 +02:00
07fc332df3
Merge pull request #83595 from immutableT/remove-deprecated
...
Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin.
Kubernetes-commit: 088322687fa7b28188e89cb54350445c54de484e
2019-10-10 04:02:02 +00:00
630eda2c9b
eliminate direct references to prometheus
...
Kubernetes-commit: f99b4339681329779e44cd9f0c8ffdbabfeb6fcf
2019-10-10 11:18:52 +08:00
2647efb971
Merge pull request #83643 from lavalamp/bigger-auth-cache
...
increase auth cache size
Kubernetes-commit: 6992d1386c481437acbfc2a7edcf4ae3575cc85c
2019-10-09 12:09:23 +00:00
d01b9c8b1a
Merge pull request #82630 from RainbowMango/pr_migrate_prom_bucket_for_apiserver
...
Migrate prometheus bucket functionality to metrics stability framework for apiserver
Kubernetes-commit: 3b17884ca2d90e637989f34d81c84ff04499d578
2019-10-09 12:09:21 +00:00
344ca1b3a8
increase auth cache size
...
Kubernetes-commit: 236112c6af9b22b02e35914fe8fbbdbfe856f975
2019-10-08 14:27:28 -07:00
c29386a605
Merge pull request #83527 from odinuge/runc-rc9
...
Bump dependency opencontainers/runc@v1.0.0-rc9
Kubernetes-commit: 3f8f0a32fa980d977a8aa05c229097cddf5e6e38
2019-10-08 12:02:33 +00:00
1e8e896aec
Merge pull request #83121 from sftim/20190925_fix_apiserver_help_readyz_typo
...
Fix typo in API server help for shutdown-delay-duration
Kubernetes-commit: 0956acbed17fb71e76e3fbde89f2da9f8ec8b603
2019-10-08 00:01:31 +00:00
5035dae3d5
Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin.
...
Kubernetes-commit: e50c264c35a32200febde3b10838b2ef2f986c39
2019-10-07 15:57:47 -07:00
1d2083ab95
Bump dependency github.com/coreos/go-systemd@v19 (95778df)
...
Kubernetes-commit: c07408380de0e430fd94df1b1d03b672b1801b6e
2019-10-05 14:28:46 +02:00
279a76350f
Merge pull request #81816 from jennybuckley/apply-cap-managers
...
[server-side apply] Cap the number of managedFields entries for updates at 10
Kubernetes-commit: a8e8e54f7a6e3267c7c47bb2037a2dc0ffce8976
2019-10-05 12:05:00 +00:00
85b7c497d8
Merge pull request #82176 from pohly/ginkgo-stack-fix
...
Ginkgo update + stack fix
Kubernetes-commit: b140b431073ae4d84ce9ef5e01a1f27058178ead
2019-10-05 12:04:58 +00:00
c060079d41
Merge pull request #83500 from deads2k/tls-config
...
refactor tlsConfig creation for secure serving
Kubernetes-commit: c4383c9aa17217f011fc508dd598f720c44f7765
2019-10-05 08:01:29 +00:00
9f20cfae34
Merge pull request #82662 from jpbetz/api-machinery-jpbetz-reviewer
...
Add jpbetz as reviewer of api-machinery code
Kubernetes-commit: 108e8a6a4a035623456002a82ffa5f360a3b9854
2019-10-05 04:01:29 +00:00
b1066a01e9
Merge pull request #83452 from wojtek-t/avoid_unnecessary_identifier_computations
...
Avoid unnecessary identifier computations
Kubernetes-commit: 386a27fd447acbd18fc6169afb66bba4d4959f1c
2019-10-05 00:01:47 +00:00
dd282eb3a3
Merge pull request #82371 from deads2k/cert-reload-delegated
...
add ability to authenticators for dynamic update of certs for delegated authn
Kubernetes-commit: 7ac65858bb9fdf41bb0cf3b257a4943ea8457ed6
2019-10-04 16:05:24 +00:00
11d75d5283
refactor tlsConfig creation for secure serving
...
Kubernetes-commit: e7b41d08270f0b8035b423050e96c7affd4bd8e1
2019-10-04 09:52:49 -04:00
703545a3db
add the ability for dynamic header names in delegated authentication
...
Kubernetes-commit: 58256346693717fd12f121f0cf74fe1e003edb0f
2019-10-03 12:56:42 -04:00
32db273e32
Merge pull request #82077 from deads2k/poststart
...
add ability to pre-configure poststarthooks for apiservers
Kubernetes-commit: 5fbda60c149e63cc13d51e5dbf94581c3c320b25
2019-10-03 16:01:24 +00:00
ebc87b1ba1
Cache encoder for auditlog backend
...
Kubernetes-commit: 3ad42fb8ca6398ae17882a2b53cf3b65ba9fe1e7
2019-10-03 16:38:47 +02:00
4f72a4b585
Merge pull request #72170 from jpbetz/stale-read-2
...
Make resourceVersion parameter semantics consistent across all storage.Interface implementations
Kubernetes-commit: 54d49bd785ba6fe8eb651e8a73ce3580f8c0ec41
2019-10-03 08:02:02 +00:00
fc290d8208
Merge pull request #83261 from liggitt/yaml-limits
...
limit yaml/json decode size
Kubernetes-commit: 4afcba42bed2bb7c36e5209a90d87343f32a0efa
2019-10-03 04:06:07 +00:00
4bf0fda364
Merge pull request #83333 from lavalamp/unbufferedchannel
...
Don't leak a go routine on panic
Kubernetes-commit: acd9141e76d3453c08700f22b24bdc320718d5dc
2019-10-02 00:01:25 +00:00
2d792f34c6
Merge pull request #82105 from logicalhan/admission-test
...
Explicitly handle returned error values in admission metrics_test
Kubernetes-commit: 5219ad7be209b31cdfdae2eda1cd435aff4a3cd2
2019-10-01 20:05:01 +00:00
99a0cf54d3
Merge pull request #81914 from wojtek-t/cache_serializations_across_watchers
...
Cache serializations across watchers
Kubernetes-commit: 7878160a9747c0c2d4f2cc16a7401407253d578b
2019-10-01 20:05:00 +00:00
Kubernetes Publisher
Joe Betz
Monis Khan
Bob Killen
RainbowMango
Yassine TIJANI
Jianfei Bai
Wojciech Tyczynski
SataQiu
Daniel Smith
immutablet
Odin Ugedal
David Eads