kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,608 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

56 Commits

Author SHA1 Message Date
Davanum Srinivas fe1610f3fe switch from golang-lru to the one in k8s.io/utils 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0
 2021-07-07 13:45:07 -04:00
Monis Khan 5289a15a1a client-go transport: assert that final CA data is valid 
Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 440ea3ef49e0ac77353ceeaebc2aad6c995d5b35
 2021-05-03 10:11:54 -04:00
Stanislav Laznicka 7eb7056b38 webhooks,aggregation: add metrics to count certs missing SAN 
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.

Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
 2020-10-06 13:02:52 +02:00
Abu Kashem 3ba02b7f93 handle webhook authenticator and authorizer error 
webhook.WithExponentialBackoff returns an error, and the priority is:
- A: if the last invocation of the webhook function returned an error
  that error should be returned, otherwise
- B: the error associated with the context if it has been canceled or
  it has expired, or the ErrWaitTimeout returned by the wait package
  once all retries have been exhausted.

caller should check the error returned by webhook.WithExponentialBackoff
to handle both A and B. Currently, we only handle A.

Kubernetes-commit: ae2b353fbf519b29d168c534f88c373fd67a1c31
 2021-01-07 16:14:18 -05:00
Ken Sipe 0da065589a fix S1023 redundant return statement 
Signed-off-by: Ken Sipe <kensipe@gmail.com>

Kubernetes-commit: 1d795002919675b8cf3bf462b6543fef843b5b54
 2020-06-25 17:29:42 -05:00
Abu Kashem 5254108841 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.

Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
 2020-10-30 11:25:32 -04:00
Abu Kashem 67f1bb6022 Webhook: handle error when calling wait.ExponentialBackoff 
- Inside WithExponentialBackoff function, handle error returned
by wait.ExponentialBackoff.
- Ensure that the wait time is bound to the given context.

Kubernetes-commit: f8e35de156f212b6989b465e608dd99b525bd5dc
 2020-10-26 11:37:11 -04:00
Andrew Sy Kim 6746ccadda apiserver: support egress selection name 'controlplane' and deprecate 'master' 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: a0aebf96ec2eef6517e2611335f0e6c9375dd807
 2020-10-26 10:24:16 -04:00
Gaurav Singh 43ce4f9092 Remove double import of k8s.io/apimachinery/pkg/util/net 
Kubernetes-commit: 29ceb8d5f2fc48d1fe4974110b7f60579668c00e
 2020-04-08 16:25:23 -04:00
Jefftree 13613a1c15 Address comment and remove if condition 
Kubernetes-commit: 61fa4e6c098559b65fe28c1bf55cb817697e38e5
 2020-02-27 17:18:57 -08:00
Jefftree f1c9537c7b pass Dialer instead of egressselector to webhooks 
Kubernetes-commit: 1b38199ea8b220be0b645af8a4cbdef4c87ce7fc
 2019-12-05 17:28:59 -08:00
Jefftree aa55f94611 authentication webhook via network proxy 
Kubernetes-commit: d318e52ffe0ba156a96cb5507026de6827d543ca
 2019-12-03 15:20:49 -08:00
Mike Danese 5737088b7f refactor 
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
 2020-01-27 18:19:44 -08:00
Jefftree 16fa20a151 network proxy with admission wh 
Kubernetes-commit: 1289bdaba41848c0d19892cc749798e540b56e8a
 2019-11-12 17:35:45 -08:00
Jordan Liggitt 8c0dc1fdf9 Ensure webhook backend requests are not artificially rate-limited 
Kubernetes-commit: d620493b7430c0f59d7393c3de8451d6a686c0c1
 2019-12-02 11:39:16 -05:00
shturec b054ff44ee custom retry strategy in GenericWebhook 
Kubernetes-commit: 4877b0b7b50bdc3eaaadd3f968fd846c1396b708
 2019-09-27 13:04:10 +03:00
Jordan Liggitt 0ca78287c0 Propagate context to ExponentialBackoff 
Kubernetes-commit: 4c686ddc1c5f9bc5c28d711dd56551b1ac003faa
 2019-09-24 09:43:04 -04:00
Jordan Liggitt 80b9dc503b Plumb service port, URL port to webhook client auth resolution 
Kubernetes-commit: d127042cb81cbf545332ec3124161525ef84183c
 2019-09-02 22:38:36 -04:00
Jordan Liggitt 2de636a948 Search client auth with and without port 
Kubernetes-commit: 2f5dde7672eaf90c7086f86a5a4ee190559f3bb2
 2019-09-02 22:38:55 -04:00
Jordan Liggitt 956977bd20 Use http/1.1 in apiserver->webhook clients 
Kubernetes-commit: ddc697866afd1e58cd2ee504277b405052546202
 2019-08-28 13:37:50 -04:00
Haowei Cai 8d86fef522 wire up the webhook rejection metrics in webhook handlers 
Kubernetes-commit: 620f5f2c587971be50cb27bb2a2d35209b3dc058
 2019-08-28 17:32:07 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Odin Ugedal 1be6195f27 Fix file permissions for non executable files 
Normal files should have permissions 644 by default,
and does not require the last bit to be
executable

Signed-off-by: Odin Ugedal <odin@ugedal.com>

Kubernetes-commit: 35cb87f9cf71776e99a970dfff751cd29ba7ebfb
 2019-06-14 21:04:39 +02:00
Mike Danese da64b0b811 BoundServiceAccountTokenVolume: fix InClusterConfig 
Kubernetes-commit: 4198f28855cbda6dac61408fcba6f2d576a9347c
 2019-05-14 09:29:16 -07:00
Mike Danese 84cf7582e3 webhook: support exec auth plugin 
This allows webhook static kubeconfig to use an exec auth plugin to
configure authentication.

https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers

Kubernetes-commit: 8b45296661de1f12f441736ae44895ac30f320d4
 2019-04-22 19:25:11 -07:00
Mehdy Bohlool 6c13576bf2 Add port to ServiceResolvers 
Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1
 2019-03-01 16:32:50 -08:00
Mehdy Bohlool f06a9dc218 Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator 
Kubernetes-commit: 404e2f7a30626f02b55180bccf6a5f16bcbbfa82
 2019-03-01 14:35:42 -08:00
danielqsj 8f8d23605e fix shellcheck in k8s.io/apiserver 
Kubernetes-commit: 481c2d8e03508dba2c28aeb4bba48ce48904183b
 2019-01-24 13:55:09 +08:00
Jordan Liggitt f3ce4369fb Plumb token and token file through rest.Config 
Kubernetes-commit: dba85e58debadfcb66aff2b68ba8bcc2eafeac2d
 2018-12-04 11:24:29 -05:00
Patrick Barker 8c2cdbce6d refactors kubeapiserver webhook utility to be generic 
Kubernetes-commit: 1081fffdd5f6f523a5de0fd30e85b7208220dcb9
 2018-11-01 15:22:58 -06:00
Mehdy Bohlool 154485c3be Refactor webhookclientConfig validation of admission and audit registration 
Kubernetes-commit: 1587d189cbf27b3c2470cf1fe56e50afbde412b6
 2018-10-30 11:57:29 -07:00
Patrick Barker 53adc37659 updates shared apiserver webhook client 
Kubernetes-commit: 5874a1f8faab92aacc5503aa6dbf1c6a724f832f
 2018-10-21 10:03:28 -05:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Mehdy Bohlool 21f6e2bcdd Refactor addmission webhook hook client to a util package 
Kubernetes-commit: 5652d5cffadcd8a2f107b6aecf5fc06c0fc473f1
 2018-08-26 23:20:23 +10:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
Matthias Bertschy 0203b2aa93 Update all script to use /usr/bin/env bash in shebang 
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
 2018-04-16 18:31:44 +02:00
David Eads bf8532c54e remove KUBE_API_VERSIONS 
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
 2018-04-25 16:07:15 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration 
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
 2018-04-24 08:21:23 -04:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
Cao Shufeng 2a2505e824 remove duplicated import 
Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3
 2018-01-11 19:15:11 +08:00
Di Xu acf3570864 forbid unnamed context 
Kubernetes-commit: 792a2299362ebadc9ca68c72347884330db23b2a
 2017-12-04 14:39:05 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Mik Vyatskov 470942c90d Always retry network connection error in webhook 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 59bacba0565b3849d939e9330ffd4da2ae19f0e1
 2017-10-15 16:52:15 +02:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Eric Chiang 1f5bdb8525 generic webhook: set a default timeout for webhook requests 
Add a 30 second timeout for all HTTP requests that the webhook sends
so they timeout instead of hanging forever.

Kubernetes-commit: 2de3ee5c48503d3b3214aef55ae7fd0dacc40457
 2017-10-11 17:44:29 -07:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Clayton Coleman 0d288373d0 SuggestClientDelay is not about retrying, clarify message and header 
SuggestClientDelay is returning whether the server has requested that
the client delay their next action. It is *not* about whether the client
should retry the action. Webhook was using it incorrectly, and the
method is now up to date.

Kubernetes-commit: 04846cc25b862c1eabff03ea0b11cbf2f7fae8e2
 2017-08-29 13:14:37 +00:00