github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
111,339 Commits 1 Branch 31 Tags 1,019 MiB
003fbae25b
Commit Graph

222 Commits

Author SHA1 Message Date
Slavik Panasovets
864e41f16d Fix time.Since() in defer. Wrap in anonymous function 
Function arguments in defer evaluated during definition of defer, not
during execution
 2022-10-25 12:38:35 +00:00
Davanum Srinivas
09968e6c03
(aws_credentials): update ecr url validation regex 
Updates the regex for ECR URL validation to support isolated regions
and includes additional testcases for these.

Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-10-16 19:13:47 -04:00
Dixita Narang
977a8ebb3a Renaming usage of v1beta1 to v1, and adding API violation exceptions and 
vendor module for v1
 2022-09-09 06:11:06 +00:00
Davanum Srinivas
a9593d634c
Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-07-26 13:14:05 -04:00
andyzhangx
8b0ac045e2 fix image pulling failure when IMDS is unavailalbe in kubelet startup 
fix test failure
 2022-06-12 04:57:42 +00:00
Stephen Augustus
621c4aa599
etcd: Update container repo to gcr.io/etcd-development/etcd 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2022-04-13 19:04:01 -04:00
Aditi Sharma
ed16ef2206 Move feature flag credential provider to beta 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2022-03-24 22:43:38 +05:30
Kubernetes Prow Robot
f50e076756
Merge pull request #107590 from ialidzhikov/golint/credentialprovider-plugin 
Nit: Replace `errors.New(fmt.Sprintf(...))` with `fmt.Errorf(...)`
 2022-02-21 06:34:14 -08:00
ialidzhikov
f3fcfef5a7 Replace errors.New(fmt.Sprintf(...)) with fmt.Errorf(...) 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2022-02-20 11:23:48 +02:00
andyzhangx
3867b3e1f8 increase Azure ACR credential provider timeout 2022-02-18 12:29:10 +00:00
Davanum Srinivas
9682b7248f
OWNERS cleanup - Jan 2021 Week 1 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-01-10 08:14:29 -05:00
Davanum Srinivas
497e9c1971
Cleanup OWNERS files (No Activity in the last year) 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-15 10:34:02 -05:00
Davanum Srinivas
9405e9b55e
Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
Kubernetes Prow Robot
5130d43200
Merge pull request #102802 from adisky/metrics-credential-provider-1 
Add Metrics for Kubelet credential provider
 2021-09-27 11:02:22 -07:00
wojtekt
d9b08c611d Migrate to k8s.io/utils/clock 2021-09-17 15:19:08 +02:00
Aditi Sharma
7c5d6c0844 Add metric for credential provider 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-09-17 11:03:36 +00:00
qulifeng
054271445e fix Log attempts to output resp.Body 2021-09-06 23:01:03 +08:00
Stephen Augustus
481cf6fbe7
generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2021-08-24 15:47:49 -04:00
Owen Strain
a947c32783 Add feature gate to disable in-tree credential providers 2021-08-05 16:50:13 +00:00
Kubernetes Prow Robot
d1479ea431
Merge pull request #103231 from n4j/bug/CredentialProviderFailsOnECR 
Appended OS's environment variables to the ones configured in Credent…
 2021-08-04 18:59:59 -07:00
Neeraj Shah
75f0007d2b Overlaid OS's environment variables with the ones specified in the CredentialProviderConfig 
- Removed dependency with cmd.Run's stub
- Added test cases

Signed-off-by: Neeraj Shah <neerajx86@gmail.com>
 2021-07-23 09:45:19 +05:30
Davanum Srinivas
26cc8e40a8
fix deadcode issues 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-07-14 08:41:21 -04:00
Aditi Sharma
def93317b4 Kubelet Credential Provider 
Improve concurrency and cache for credential provider

Removed lock from "Provide" as it can be called in parallel
from image puller. To avoid execing for the same image concurrently
wrapped exec in singleflight.

Purging the cache for expried data with 15mins interval only when
a request for credential is made.

KEP:2133

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-06-28 21:15:03 +05:30
Kubernetes Prow Robot
43a32c14f5
Merge pull request #100686 from hasheddan/azure-credential-client 
Add timeout to Azure ACR credential provider
 2021-04-21 01:10:11 -07:00
Kubernetes Prow Robot
24350a922e
Merge pull request #101086 from enj/enj/i/auth_owners_gen 
Prune stale entries from OWNERS files
 2021-04-15 08:27:50 -07:00
Kubernetes Prow Robot
3c20c5aa2f
Merge pull request #100177 from wangyx1992/wrapped-error 
fix errors in wrapped format
 2021-04-13 23:24:42 -07:00
Monis Khan
91241eac9b
Prune stale entries from OWNERS files 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-04-13 20:54:50 -04:00
hasheddan
7c7cff6d27
Add timeout to Azure ACR credential provider 
Adds a default timeout to the Azure ACR HTTP client to avoid hanging
when unable to reach server.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
 2021-03-30 17:15:54 -05:00
wangyx1992
34c2b2360b fix errors in wrapped format 
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
 2021-03-26 14:57:55 +08:00
Nick Turner
d422a92e66 Fix ECR provider startup latency 
* Before this change, even on non-AWS platforms, the Enabled() check attempts
  to make calls to the metadata endpoint when the session and credentials
  are initialized (in order to determine if the provider should be
  initialized at all).
* This can cause latency because the SDK times out and retries -- up to
  20 seconds of latency has been observed on non-AWS platforms when the
  metadata IP was blocked with an iptables rule.
* Instead, check once if we are running on an EC2 platform, first trying
  to find the EC2 UUID in system files, and second attempting to get
  credentials.
* Add a benchmark test that includes intialization and the credential
  check.
 2021-03-19 23:37:11 +00:00
Kermit Alexander
0dcafb1f37 Add RegistryConfig/RegistryConfigEntry. 2021-03-02 00:08:54 +00:00
Kermit Alexander
42fb89eb89 Move config and provider code out of pkg/credentialprovider and into staging. 2021-03-02 00:07:02 +00:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Nikhita Raghunath
dc3f59c881 *: remove mbohlool from reviewers 2021-02-16 10:59:27 +05:30
10177505
2ecbf7e4f5 fix klog.Info -> klog.Infof 2021-01-15 17:22:58 +08:00
Gurleen Grewal
7a0b5acf00 Fix golint issues in pkg/credentialprovider/plugin 2020-12-08 15:11:44 -08:00
andyzhangx
48ba8830cd fix pull image error from multiple ACRs using azure managed identity 
fix comments

fix comment

fix comments

fix comments

fix comments

fix comments

fix bazel
 2020-11-12 09:51:26 +00:00
Andrew Sy Kim
aadc1d25b3 pkg/credentialprovider: export URL parsing and matching helper functions 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-11-10 13:44:07 -05:00
Andrew Sy Kim
5344afd4fb pkg/credentialprovider: add initial exec-based credential provider plugin 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-11-10 13:44:07 -05:00
Andy Zhang
9056e3a86a
add andyzhangx as reviewer 2020-11-08 16:55:03 +08:00
Andrew Sy Kim
44e6998f1b kubelet: add unit tests for imagePullSecrets keyring 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-09-23 14:11:10 -04:00
Nikolaos Moraitis
b907f9e118 avoid potential secret leaking while reading .dockercfg 
There are a lot of scenarios where an invalid .dockercfg file
will still contain secrets. This commit removes logging of the
contents to avoid any potential leaking and manages the actual error
by printing to the user the actual location of the invalid file.

Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
 2020-09-14 15:39:05 +02:00
Jordan Liggitt
1420b377e4 Add providerless tags 2020-07-30 13:48:40 -04:00
Benjamin Elder
d8f2b131b5 remove david-mcmahon from reviewers 2020-06-30 14:06:58 -07:00
Benjamin Elder
2abc8afece eparis to emeritus 2020-06-30 09:50:44 -07:00
andyzhangx
fe873af660 fix: don't use docker config cache if it's empty 
add one comment

test: add unit test

fix comments

fix comments

revert test change

fix comments
 2020-06-22 15:10:47 +00:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
David Parks
333b0493fb fix: ACR auth fails in private azure clouds 2020-04-24 19:13:52 -07:00
martin-schibsted
9ba2bd57fb
Improve error message (#82829) 
* Improve error message

* Update pkg/credentialprovider/config.go

Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2020-03-20 00:02:36 -07:00