github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95,128 Commits 1 Branch 31 Tags
3b51cd1b1e9529d541a46bf754f40bc2f24dba8b
Commit Graph

2762 Commits

Author SHA1 Message Date
Charles Eckman
5a176ac772 Provide OIDC discovery endpoints 
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>
 2020-02-11 16:23:31 -08:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Kubernetes Prow Robot
334d788f08 Merge pull request #87299 from mikedanese/ctx 
context in client-go
 2020-02-08 06:43:52 -08:00
Kubernetes Prow Robot
b61f89dd25 Merge pull request #85321 from MikeSpreitzer/apf-printers 
Added server-side printers for API priority and fairness
 2020-02-07 18:31:58 -08:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Kubernetes Prow Robot
888bfd62c3 Merge pull request #87897 from kubernetes/revert-85861-scheduler-perf-collect-data-items-from-metrics 
Revert "Collect some of scheduling metrics and scheduling throughput"
 2020-02-07 05:58:06 -08:00
Kubernetes Prow Robot
9c1e124b15 Merge pull request #87823 from tallclair/test-tokens 
Ensure testing credentials are labeled as such
 2020-02-06 17:47:29 -08:00
Mike Danese
38ecb30c58 Revert "Collect some of scheduling metrics and scheduling throughput" 2020-02-06 10:18:00 -08:00
Kubernetes Prow Robot
6858c25ee4 Merge pull request #85861 from ingvagabund/scheduler-perf-collect-data-items-from-metrics 
Collect some of scheduling metrics and scheduling throughput
 2020-02-06 07:05:34 -08:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Kubernetes Prow Robot
d52ecd5f70 Merge pull request #86430 from wojtek-t/avoid_thundering_herd_on_etcd 
Avoid thundering herd of relists on etcd
 2020-02-03 23:09:25 -08:00
Jan Chaloupka
8a1c4a5a88 Collect some of scheduling metrics and scheduling throughput 
In addition to getting overall performance measurements from golang benchmark,
collect metrics that provides information about insides of the scheduler itself.
This is a first step towards improving what we collect about the scheduler.

Metrics in question:
- scheduler_scheduling_algorithm_predicate_evaluation_seconds
- scheduler_scheduling_algorithm_priority_evaluation_seconds
- scheduler_binding_duration_seconds
- scheduler_e2e_scheduling_duration_seconds

Scheduling throughput is computed on the fly inside perfScheduling.
 2020-02-02 18:02:49 +01:00
Kubernetes Prow Robot
536c2c8918 Merge pull request #87706 from liggitt/fix-statefulset-conversion 
Fix statefulset conversion
 2020-01-31 20:08:16 -08:00
wojtekt
b11b7d354d WatchBasedManager stops watching immutable objects 2020-01-31 20:53:21 +01:00
Jordan Liggitt
82107ff8ab Restore statefulset conversion that populates apiVersion/kind in volume templates 2020-01-31 07:47:35 -05:00
wojtekt
5dcf08c199 Switch pager to return whether the result was paginated 2020-01-31 11:50:23 +01:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
YuikoTakada
03974c1ea4 Fix static check failures in test/integration/deployment 2020-01-28 06:08:37 +00:00
Kubernetes Prow Robot
4630690eae Merge pull request #87457 from 928234269/fix_staticcheck03 
fix static check errors in test/integration/etcd
 2020-01-22 20:37:47 -08:00
Kubernetes Prow Robot
03cb6afc1a Merge pull request #87442 from jennybuckley/smd-3 
Update structured-merge-diff dependency to v3
 2020-01-22 20:37:26 -08:00
Aldo Culquicondor
4a5ab84dcc Move default binding to a plugin 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-01-22 14:13:33 -05:00
Sakura
8c6d7a7086 fix static check errors in test/integration/etcd 
Signed-off-by: Sakura <longfei.shang@daocloud.io>
 2020-01-22 23:16:26 +08:00
jennybuckley
b33fbc84d9 Update Structured Merge Diff to V3 2020-01-21 15:23:13 -08:00
Mike Spreitzer
ce12105edc Added server-side printers for the API object types for API priority and fairness 2020-01-20 01:49:05 -05:00
Kubernetes Prow Robot
08dd4f5478 Merge pull request #87357 from yutedz/apisvr-flow-cntl 
Add flowcontrol to apiVersionPriorities
 2020-01-19 17:07:36 -08:00
Ted Yu
34f0767137 Add flowcontrol to apiVersionPriorities 2020-01-19 14:16:46 -08:00
Kubernetes Prow Robot
3538320d74 Merge pull request #87165 from alculquicondor/cleanup/mv_snapshot_2 
Move Snapshot to internal/cache
 2020-01-17 17:14:07 -08:00
Aldo Culquicondor
f53d7e55df Move Snapshot from nodeinfo/snapshot to internal/cache 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-01-17 13:29:41 -05:00
Kubernetes Prow Robot
127a2edafd Merge pull request #87298 from mikedanese/prectx 
rename some declartions named context in tests
 2020-01-17 10:14:57 -08:00
Wei Huang
c712230ac1 Implement default queue sort logic as a scheduler plugin 2020-01-16 19:10:43 -08:00
Mike Danese
d86fcd8c90 rename some declartions named context in tests 2020-01-16 15:09:28 -08:00
notpad
372d09cd15 Add integration test for NodeResourceLimits plugin 2020-01-15 08:12:58 +08:00
Kubernetes Prow Robot
2c800c5a70 Merge pull request #86985 from ahg-g/ahg-cleanup4 
Remove test/integration dependency on predicates and algorithmprovider
 2020-01-08 21:29:58 -08:00
Kubernetes Prow Robot
4d41f4809f Merge pull request #86890 from damemi/move-selector-spread-to-plugin 
Move selector spreading priority code to plugin
 2020-01-08 21:29:45 -08:00
Abdullah Gharaibeh
c86f59610c remove test/integration dependency on predicates and algorithmprovider 2020-01-08 19:51:22 -05:00
Kubernetes Prow Robot
8046feb2b3 Merge pull request #86947 from gavinfish/drfish_redundant_nil_check 
Remove redundant nil check in apiserver integration test
 2020-01-08 14:46:34 -08:00
Mike Dame
d227b7822f Move selector spreading priority code to plugin 2020-01-08 13:37:37 -05:00
Kubernetes Prow Robot
35434fdfea Merge pull request #86901 from tanjunchen/staticcheck-002 
staticcheck:test/integration/master/
 2020-01-08 02:58:55 -08:00
gavinfish
68532e0c0f Remove redundant nil check 2020-01-08 15:28:46 +08:00
tanjunchen
8d313f333e staticcheck:test/integration/master/ 2020-01-07 21:56:37 +08:00
tanjunchen
264a1cf5f6 staticcheck:test/integration/auth/ 2020-01-07 15:23:19 +08:00
Kubernetes Prow Robot
c409446d41 Merge pull request #86781 from SataQiu/staticcheck-20200102 
Fix staticcheck failures of test/integration/client test/integration/disruption
 2020-01-06 13:34:45 -08:00
Abdullah Gharaibeh
d31dcecd20 cleanup unused scheduler functions/files 2020-01-03 19:09:14 -05:00
SataQiu
17b0b77026 fix staticcheck failures of test/integration/client test/integration/disruption 2020-01-03 17:23:35 +08:00
Kubernetes Prow Robot
b3c4c90a72 Merge pull request #86673 from ahg-g/ahg1-provider 
Define algorithm providers in terms of plugins
 2020-01-02 22:25:53 -08:00
Kubernetes Prow Robot
cc5144ff13 Merge pull request #86160 from notpad/feautre/scheduler_perf 
Define workloads specs by YAML
 2020-01-02 19:15:41 -08:00
Abdullah Gharaibeh
b535ed3b0c Merge scheduler's ConfigProducerRegistry into LegacyRegistry 2020-01-02 16:40:33 -05:00
Aresforchina
bf47d14c27 Fix staticcheck failures of test/integration/replicationcontroller 2019-12-31 17:16:01 +08:00
Kubernetes Prow Robot
36db62cd73 Merge pull request #86737 from oomichi/add-test-title-in-TestPreemption 
Output test description in TestPreemption
 2019-12-30 23:15:39 -08:00
Kubernetes Prow Robot
d0c719dbd9 Merge pull request #86716 from SataQiu/staticcheck-20191230 
Fix staticcheck failures of test/integration/scale test/integration/serviceaccount test/integration/serving test/integration/volume
 2019-12-30 20:39:39 -08:00