kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Library for writing a Kubernetes-style API server.
1,774 Commits 30 Branches 1,482 Tags 31 MiB
Go 99.8%
Shell 0.2%
Go to file
Kubernetes Publisher e16db054ca Merge pull request #65799 from dekkagaijin/fix-headers 
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Percent-encode illegal characters in user.Info.Extra keys

This percent-encodes characters in `X-Remote-Extra-` and `Impersonate-Extra-` keys which aren't valid for header names per [RFC 7230](https://tools.ietf.org/html/rfc7230#section-3.2.6) (plus "%" to avoid breaking keys which contain them). The API server then blindly unescapes these keys.

Reviewer note:
Old clients sending keys which were `%`-escaped by the user will have their values unescaped by new API servers. New clients sending keys containing illegal characters (or "%") to old API servers will not have their values unescaped. This version skew incompatibility is a compromise discussed in #63682.

Fixes #63682

PTAL @mikedanese

**Release note**:
```release-note
action required: the API server and client-go libraries have been fixed to support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both should be updated in order to properly support extra data containing "/" characters or other characters disallowed in HTTP headers.
```

Kubernetes-commit: 6715f139292bfde5e4030e2e3f8077da04cc6d72
 		2018-08-06 13:45:05 +00:00
.github Treat staging repos as authoritative for all files 2017-12-22 17:09:51 -05:00
Godeps Merge pull request #65799 from dekkagaijin/fix-headers 2018-08-06 13:45:05 +00:00
pkg Make the timeout error more specific so users can find it 2018-07-25 12:50:39 -04:00
plugin/pkg Add String method to audit.Backend interface 2018-07-18 17:35:08 +08:00
vendor Merge pull request #65034 from caesarxuchao/json-case-sensitive 2018-06-14 23:35:44 +00:00
.import-restrictions move pkg/auth/user to staging 2017-01-13 13:38:43 -05:00
CONTRIBUTING.md Add k8s.io/apiserver/CONTRIBUTING.md 2018-04-18 14:09:10 +02:00
LICENSE Add README and LICENSE to staging repos 2017-10-23 16:39:02 +05:30
OWNERS add CaoShuFeng as a reviewer of kube-apiserver 2018-04-17 14:10:18 +08:00
README.md apiserver/README: update to 2018 for compatibility 2018-07-11 10:36:01 +05:30
SECURITY_CONTACTS add PST to main SECURITY_CONTACTS as formality 2018-05-24 09:33:43 -04:00
code-of-conduct.md Add code-of-conduct.md to staging repos 2017-12-20 15:21:56 -05:00

README.md

apiserver

Generic library for building a Kubernetes aggregated API server.

Purpose

This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, kubectl compatible discovery information, optional admission chain, and versioned types. It's first consumers are k8s.io/kubernetes, k8s.io/kube-aggregator, and github.com/kubernetes-incubator/service-catalog.

Compatibility

There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.

Where does it come from?

apiserver is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. Code changes are made in that location, merged into k8s.io/kubernetes and later synced here.

Things you should NOT do

  1. Directly modify any files under pkg in this repo. Those are driven from k8s.io/kubernetes/staging/src/k8s.io/apiserver.
  2. Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.