Kubernetes Prow Robot
3051cb2ba1
Merge pull request #108624 from ialidzhikov/cleanup/service-account-api-audiences
...
apiserver: Remove the deprecated `--service-account-api-audiences` flag
2022-08-02 09:15:44 -07:00
Davanum Srinivas
a9593d634c
Generate and format files
...
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Kubernetes Prow Robot
37311a2eed
Merge pull request #103663 from bells17/fix-priority-plugin-comment
...
Fix Priority plugin comment
2022-07-25 07:40:35 -07:00
Jordan Liggitt
410ac59c0d
Remove PodSecurityPolicy admission plugin
2022-05-04 16:00:56 -04:00
Jefftree
67d3dbfaae
Separate OpenAPI V2 and V3 Config
2022-03-29 17:49:56 -07:00
ialidzhikov
92707cafbb
apiserver: Remove the deprecated --service-account-api-audiences flag
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-10 09:46:20 +02:00
bryfry
038ad9b3a5
correct references to service-account-signing-key-file flag
2022-01-30 04:24:25 +00:00
Shubham Kuchhal
ef2be5586e
Add supported 'alg' header values.
2021-09-16 14:02:21 +05:30
Monis Khan
b5ef684d90
admission: run PodSecurity before PodSecurityPolicy
...
This change fixes the order in which the PodSecurity and
PodSecurityPolicy admission plugins are run. The old code intended
for PSA to run before PSP, but attempted to enforce that via
registration order (which is irrelevant). Now PSA is correctly
executed before PSP to allow for audit and warning modes to be
exercised even in the presence of a deny PSP policy.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-09-01 11:39:58 -04:00
Antonio Ojea
0cd75e8fec
run hack/update-netparse-cve.sh
2021-08-20 10:42:09 +02:00
Mengjiao Liu
7911a08fb3
Remove ServiceAccountIssuerDiscovery feature gate
2021-07-14 18:43:59 +08:00
bells17
62c444b484
Fix Priority plugin comment
2021-07-13 20:37:05 +09:00
Jordan Liggitt
f39bddd767
PodSecurity: kube-apiserver: admission wiring
2021-06-28 17:45:35 -04:00
Shihang Zhang
925900317e
allow multiple of --service-account-issuer
2021-04-19 09:54:11 -07:00
Kubernetes Prow Robot
42a4953c6e
Merge pull request #100186 from yangjunmyfm192085/run-test28
...
test: fix the error case of TestAuthenticationValidate
2021-04-08 20:28:34 -07:00
Kubernetes Prow Robot
26fba1403b
Merge pull request #99528 from pandaamanda/apiserver_validation_code_optimization
...
fix log message and optimize log format check logic
2021-04-08 14:28:34 -07:00
JunYang
4e72e41387
test: fix the error of TestAuthenticationValidate
...
Signed-off-by: JunYang <yang.jun22@zte.com.cn>
2021-03-12 23:10:21 +08:00
xiongzhongliang
4a24a08f93
Optimize some codes
2021-03-05 18:23:39 +08:00
Benjamin Elder
56e092e382
hack/update-bazel.sh
2021-02-28 15:17:29 -08:00
Shihang Zhang
cbf6e38bbd
move RootCAConfigMap to ga
2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot
1119a505ac
Merge pull request #98669 from liggitt/denyexec
...
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
2021-02-02 06:52:28 -08:00
Jordan Liggitt
3579f88e4d
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
2021-02-01 16:55:22 -05:00
Michael Taufen
6aa80d9172
Graduate ServiceAccountIssuerDiscovery to GA
...
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
2021-02-01 11:44:23 -08:00
Tim Hockin
a8299079a5
Add denyserviceexternalips admission
2020-12-29 10:00:11 -08:00
Tim Hockin
02b77861ec
Move defaultingressclass admission to net subdir
2020-12-28 09:58:30 -08:00
KeZhang
3562806d2d
cleanup unused code for kubeapiserver
2020-12-09 09:29:34 +08:00
Sergey Kanzhelev
06da0e5e74
GA of RuntimeClass feature gate and API
2020-11-11 19:22:32 +00:00
Kubernetes Prow Robot
8d6829fe1e
Merge pull request #95896 from zshihang/flag
...
make flags of TokenRequest required
2020-11-05 18:36:50 -08:00
Shihang Zhang
a5021a4ddf
make flags of TokenRequest required
2020-11-05 10:40:56 -08:00
Shihang Zhang
4c593b268a
default service-account-extend-token-expiration to true
2020-11-05 09:07:01 -08:00
Shihang Zhang
d40f0c43c4
separate RootCAConfigMap from BoundServiceAccountTokenVolume
2020-11-04 17:10:39 -08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
...
Currently webhook retry backoff parameters are hard coded; we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2
mv TokenRequest and TokenRequestProjection to GA
2020-10-29 20:47:01 -07:00
Andrew Sy Kim
a0aebf96ec
apiserver: support egress selection name 'controlplane' and deprecate 'master'
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-10-26 10:24:16 -04:00
Kubernetes Prow Robot
e7b9453972
Merge pull request #93537 from timuthy/enhancement.move-resourcequota
...
Move ResourceQuota admission to k8s.io/apiserver lib
2020-09-15 12:26:58 -07:00
David Eads
c0c033b12f
generated
2020-09-14 09:24:41 -04:00
David Eads
c7911a384c
remove pod presets
2020-09-14 09:24:40 -04:00
Tim Usner
70d440bc7e
Move ResourceQuota admission to k8s.io/apiserver
2020-09-04 14:53:52 +02:00
yiduyangyi
e6c4633232
fix golint failures in pkg/kubeapiserver/options, fix some incorrect replace of receiver name
2020-07-23 19:02:07 +08:00
yiduyangyi
0520d75838
fix golint failures in pkg/kubeapiserver/options, rename receiver name of BuiltInAuthorizationOptions to o
2020-07-23 18:52:15 +08:00
yiduyangyi
e441c07fe2
fix golint failures in pkg/kubeapiserver/options, use API Server in comments instead of APIServer
2020-07-23 18:41:37 +08:00
yiduyangyi
e2838df7c7
fix golint failures in pkg/kubeapiserver/options
2020-07-15 16:03:08 +08:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00
Tomas Nozicka
b22a170d46
Fix client-ca dynamic reload in apiserver
2020-04-29 16:03:09 +02:00
Jiajie Yang
ae0e52d28c
Monitoring safe rollout of time-bound service account token.
2020-04-22 11:59:16 -07:00
Monis Khan
df292749c9
Remove support for basic authentication
...
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag. This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.
Similar functionality is available via the --token-auth-file flag
for development purposes.
Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
Rob Scott
132d2afca0
Adding IngressClass to networking/v1beta1
...
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-03-01 18:17:09 -08:00
James Munnelly
d7e10f9869
Add Certificate signerName admission plugins
2020-02-27 15:50:14 +00:00
Jordan Liggitt
c80dcf56ee
Ensure webhook/quota/deny admission comes last
2020-02-25 21:54:14 -05:00