github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
52,608 Commits 1 Branch 31 Tags 1,019 MiB
4a57d68da0
Commit Graph

403 Commits

Author SHA1 Message Date
deads2k
c2f8ef1b1a move insecure options to kubeapiserver 2017-03-27 13:55:45 -04:00
deads2k
3414231672 proxy to IP instead of name, but still use host verification 2017-03-27 12:33:03 -04:00
Kubernetes Submit Queue
b705835bae Merge pull request #42911 from deads2k/server-04-combined 
Automatic merge from submit-queue (batch tested with PRs 43694, 41262, 42911)

combine kube-apiserver and kube-aggregator

This combines several pulls currently in progress and wires them together.  The aggregator sits in front of the normal kube-apiserver and allows local fallthrough instead of proxying.

@kubernetes/sig-api-machinery-misc 
@DirectXMan12 since you seem invested, your life will get easier
@luxas FYI since you've started trying to wire something together.  



Dependent Pulls LGTM:
- [x] https://github.com/kubernetes/kubernetes/pull/42801
- [x] https://github.com/kubernetes/kubernetes/pull/42886
- [x] https://github.com/kubernetes/kubernetes/pull/42900
- [x] https://github.com/kubernetes/kubernetes/pull/42732
- [x] https://github.com/kubernetes/kubernetes/pull/42672
- [x] https://github.com/kubernetes/kubernetes/pull/43141
- [x] https://github.com/kubernetes/kubernetes/pull/43076
- [x] https://github.com/kubernetes/kubernetes/pull/43149
- [x] https://github.com/kubernetes/kubernetes/pull/43226
- [x] https://github.com/kubernetes/kubernetes/pull/43144
 2017-03-27 09:30:24 -07:00
Kubernetes Submit Queue
efa5322766 Merge pull request #42896 from deads2k/server-03-codec 
Automatic merge from submit-queue (batch tested with PRs 42900, 43044, 42896, 43308, 43621)

require codecfactory

The genericapiserver requires a codec to start.  Help new comers to the API by forcing them to set it when they create a new config.
 2017-03-27 08:32:27 -07:00
deads2k
8e26fa25da wire in aggregation 2017-03-27 09:44:10 -04:00
deads2k
087a030221 require codecfactory 2017-03-27 08:19:08 -04:00
deads2k
f31eb0a77f force callers to specify the cert dns names 2017-03-27 07:49:01 -04:00
Kubernetes Submit Queue
b8fc6a093a Merge pull request #43149 from deads2k/server-07-clean-kube-start 
Automatic merge from submit-queue

break kube-apiserver start into stages

This is a code shuffle which breaks the kube-apiserver start into
 1. set defaults on the options
 1. create the generic config from the options
 1. create the master config from the generic config and the options

This makes apiserver composition easy/possible later on.
 2017-03-25 23:55:50 -07:00
deads2k
4acd751101 break kube-apiserver start into stages 2017-03-22 15:54:16 -04:00
deads2k
5b08029e79 start informers as a post-start-hook 2017-03-16 11:12:17 -04:00
Kubernetes Submit Queue
df70b30e59 Merge pull request #40537 from gnufied/fix-multizone-pv-breakage 
Automatic merge from submit-queue

Fix Multizone pv creation on GCE

When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.

cc @derekwaynecarr @childsb
 2017-03-05 11:16:46 -08:00
Kubernetes Submit Queue
ef6c5d02b0 Merge pull request #39821 from stu-gott/apiserver-checketcd 
Automatic merge from submit-queue (batch tested with PRs 41931, 39821, 41841, 42197, 42195)

Apiserver: wait for Etcd to become available on startup

fixes #37704
 2017-03-01 20:07:57 -08:00
Maciej Szulik
c272630b1b Deployments under apps/v1beta1 with new defaults 2017-03-01 15:14:41 +01:00
Stu Gott
85156e3c5c Apiserver: wait for etcd to become available on startup 2017-02-28 12:52:35 -05:00
Hemant Kumar
b0581d688d Fix Multizone pv creation on GCE 
When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.
 2017-02-28 12:24:14 -05:00
deads2k
5cfe26dece add aggregation integration test 2017-02-28 08:42:06 -05:00
Kubernetes Submit Queue
1a2ec1adcb Merge pull request #41969 from wojtek-t/use_protobufs_for_self_communication_in_apiserver 
Automatic merge from submit-queue (batch tested with PRs 41994, 41969, 41997, 40952, 40576)

Use protobufs for self-communication

@deads2k @liggitt
 2017-02-26 12:57:56 -08:00
Kubernetes Submit Queue
1519422aba Merge pull request #41814 from deads2k/agg-06-cas 
Automatic merge from submit-queue

add client-ca to configmap in kube-public

Client CA information is not secret and it's required for any API server trying to terminate a TLS connection.  This pull adds the information to configmaps in `kube-public` that look like this:


```yaml
apiVersion: v1
data:
  client-ca.crt: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  requestheader-allowed-names: '["system:auth-proxy"]'
  requestheader-client-ca-file: |
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
  requestheader-extra-headers-prefix: '["X-Remote-Extra-"]'
  requestheader-group-headers: '["X-Remote-Group"]'
  requestheader-username-headers: '["X-Remote-User"]'
kind: ConfigMap
metadata:
  creationTimestamp: 2017-02-22T17:54:37Z
  name: extension-apiserver-authentication
  namespace: kube-system
  resourceVersion: "6"
  selfLink: /api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication
  uid: fa1dd328-f927-11e6-8b0e-28d2447dc82b

```

@kubernetes/sig-auth-api-reviews @liggitt @kubernetes/sig-api-machinery-pr-reviews @lavalamp @sttts 


There will need to be a corresponding pull for permissions
 2017-02-26 09:32:44 -08:00
deads2k
4a06b69579 add client-ca to configmap in kube-public 2017-02-24 14:51:12 -05:00
Andy Goldstein
022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Wojciech Tyczynski
96250a718b Use protobufs for self-communication 2017-02-23 14:40:22 +01:00
Eric Chiang
a0df658b20 kube-apiserver: add a bootstrap token authenticator for TLS bootstrapping 2017-02-21 08:43:55 -08:00
Dr. Stefan Schimanski
5e77d01897 k8s.io/apiserver: straighten EtcdOptions, backend Config and kube RESTOptionsFactory 2017-02-15 10:24:59 +01:00
Dr. Stefan Schimanski
27e01b5c46 k8s.io/apiserver: fixup imports and renamed packages 2017-02-15 10:24:58 +01:00
deads2k
2b6b02c6ba auto-create the loopback token 2017-02-13 11:18:34 -05:00
deads2k
a463540d47 remove duplication of RESTOptionsGetter for kube 2017-02-08 09:08:58 -05:00
deads2k
470cb9d2c9 streamline etcd options for aggregated api server 2017-02-08 09:07:47 -05:00
Kubernetes Submit Queue
fa14198bb2 Merge pull request #41083 from deads2k/apiserver-02-audit 
Automatic merge from submit-queue (batch tested with PRs 38796, 40823, 40756, 41083, 41105)

Add more options to the RecommendedOptions struct.

Builds on https://github.com/kubernetes/kubernetes/pull/41028

Adds `AuditOptions` to the `RecommendedOptions`

@sttts @kubernetes/sig-api-machinery-pr-reviews
 2017-02-08 00:49:49 -08:00
deads2k
b410b387ee move storage serialization type to etcd options 2017-02-07 13:56:19 -05:00
deads2k
cc75d51897 add feature enablement options to recommendedoptions 2017-02-07 13:56:19 -05:00
deads2k
226af4adc4 move --runtime-config to kubeapiserver 2017-02-07 13:43:13 -05:00
deads2k
51b5d5a51b move auditoptions to separate struct 2017-02-07 13:03:08 -05:00
Kubernetes Submit Queue
42973b0523 Merge pull request #40947 from deads2k/apiserver-04-invert 
Automatic merge from submit-queue (batch tested with PRs 41023, 41031, 40947)

apiserver command line options lead to config

Logically command line options lead to config, not the other way around.  We're clean enough now we can actually do the inversion.

WIP because I have some test cycles to fix, but this is all the meat.

@kubernetes/sig-api-machinery-misc
 2017-02-07 09:04:41 -08:00
deads2k
250408ee9c apiserver command line options lead to config 2017-02-07 07:57:11 -05:00
deads2k
58992ce8d2 move admission read logic 2017-02-07 07:44:14 -05:00
Dr. Stefan Schimanski
536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Kubernetes Submit Queue
62c9cb4684 Merge pull request #40853 from sttts/sttts-more-cutoffs-7 
Automatic merge from submit-queue (batch tested with PRs 35782, 35831, 39279, 40853, 40867)

genericapiserver: cut off more dependencies – episode 7

Follow-up of https://github.com/kubernetes/kubernetes/pull/40822

approved based on #40363
 2017-02-02 09:53:52 -08:00
Kubernetes Submit Queue
f66679a4e9 Merge pull request #35782 from piosz/remove-hpa-ext 
Automatic merge from submit-queue

Removed HPA objects from extensions api group

fix #29778

``` release-note
HorizontalPodAutoscaler is no longer supported in extensions/v1beta1 version. Use autoscaling/v1 instead.
```

 cc @kubernetes/autoscaling
 2017-02-02 09:42:33 -08:00
Dr. Stefan Schimanski
bfe0d50ce8 pkg/genericapiserver/server: cut off from pkg/api 2017-02-02 15:19:01 +01:00
Piotr Szczesniak
a35ad8f6ba Removed HPA objects from extensions api group 2017-02-02 14:09:54 +01:00
mbohlool
9623d05f79 Move post processing/backward compatibility of openapi out of generic package 2017-02-02 00:37:36 -08:00
Kubernetes Submit Queue
c523476d6f Merge pull request #40124 from mbohlool/separation 
Automatic merge from submit-queue

Use full package path for definition name in OpenAPI spec

We were using short package name (last part of package name) plus type name for OpenAPI spec definition name. That can result in duplicate names and make the spec invalid. To be sure we will always have unique names, we are going to use full package name as definition name. Also "x-kubernetes-tag" custom field is added to definitions to list Group/Version/Kind for the definitions that has it. This will help clients to discover definitions easier.
Lastly, we've added a reference from old definition names to the new ones to keep backward compatibilities. The list of old definitions will not be updated.

**Release note**:
- Rename OpenAPI definition names to type's full package names to prevent duplicates
- Create OpenAPI extension "x-kubernetes-group-version-kind" for definitions to store Group/Version/Kind
- Deprecate old definition names and create a reference to the new definitions. Old definitions will be removed in the next release.
 2017-02-01 12:06:39 -08:00
deads2k
384c873914 remove unneeded storage options 2017-01-31 13:44:39 -05:00
mbohlool
239169a5a4 Use full package path as definition name in OpenAPI 2017-01-30 20:05:18 -08:00
deads2k
9775269fb9 move genericapiserver/server/filters to apiserver 2017-01-27 08:49:30 -05:00
Dr. Stefan Schimanski
3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
deads2k
52ec66ee85 remove api dependency from admission 2017-01-18 08:09:48 -05:00
deads2k
de725e56e2 prevent anonymous auth and allow all 2017-01-17 10:16:33 -05:00
Dr. Stefan Schimanski
1a7242a84c Move BuildDefaultStorageFactory to kubeapiserver 2017-01-16 14:25:58 +01:00
deads2k
9a8bf348a6 move tunneler out of generic 2017-01-12 08:21:58 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Kubernetes Submit Queue
addc6cae4a Merge pull request #38212 from mikedanese/kubeletauth 
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)

Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth.

cc @cjcullen
 2017-01-10 19:48:09 -08:00
Kubernetes Submit Queue
de59ede6b2 Merge pull request #37784 from bruceauyeung/k8s-branch-fix-glog-message-typo 
Automatic merge from submit-queue

fix glog message typo about init deserialization cache and watch cache

**What this PR does / why we need it**:
fix typo  `Initalizing` to `Initializing` 

Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
 2017-01-06 17:43:32 -08:00
Kubernetes Submit Queue
f76fba0da0 Merge pull request #39435 from sttts/sttts-cloudprovider-to-master 
Automatic merge from submit-queue

Move apiserver cloudprovider dep into kubeapiserver
 2017-01-05 02:29:11 -08:00
Dr. Stefan Schimanski
f96fa748d8 Move apiserver cloudprovider dep into kubeapiserver 2017-01-05 09:40:03 +01:00
Mike Danese
3ab0e37cc6 implement upgrades 2017-01-04 11:45:57 -08:00
CJ Cullen
d0997a3d1f Generate a kubelet CA and kube-apiserver cert-pair for kubelet auth. 
Plumb through to kubelet/kube-apiserver on gci & cvm.
 2017-01-03 14:30:45 -08:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
deads2k
ab1b77673f decouple genericapiserver from non-generic authenticator 2016-12-22 07:48:08 -05:00
deads2k
a3564c0aa8 start kubeapiserver package for sharing between kubeapiserver and federation 2016-12-22 07:43:42 -05:00
Kubernetes Submit Queue
5b2823adb9 Merge pull request #38191 from sttts/sttts-move-master-options 
Automatic merge from submit-queue

Move non-generic apiserver code out of the generic packages
 2016-12-17 01:25:45 -08:00
Maciej Szulik
9f064c57ce Remove extensions/v1beta1 Job 2016-12-17 00:07:24 +01:00
Dr. Stefan Schimanski
3be6b3c045 pkg/apiserver: remove unused code 2016-12-16 17:47:47 +01:00
Dr. Stefan Schimanski
5e8ca29a76 Clean up apiserver and federation defaulting and validation 2016-12-16 17:23:43 +01:00
Dr. Stefan Schimanski
7267299c3c genericapiserver: move MasterCount and service options into master 2016-12-16 17:23:43 +01:00
Kubernetes Submit Queue
6fa4042211 Merge pull request #38690 from sttts/sttts-swagger-postbuildhandler 
Automatic merge from submit-queue

genericapiserver: unify swagger and openapi in config

- make swagger config customizable
- remove superfluous `Config.Enable*` flags for OpenAPI and Swagger.

This is necessary for downstream projects to tweak the swagger spec.
 2016-12-14 11:11:02 -08:00
Dr. Stefan Schimanski
cab89a67df genericapiserver: unify swagger and openapi in config 2016-12-14 18:41:04 +01:00
Dr. Stefan Schimanski
e57ef4327f Document broken behaviour with KUBE_API_VERSIONS 2016-12-14 09:35:47 +01:00
Dr. Stefan Schimanski
543417dbf0 Replace apiserver glog.Fatals with fmt.Errorfs 2016-12-14 09:35:47 +01:00
Kubernetes Submit Queue
cbf497b749 Merge pull request #38119 from liggitt/long-running 
Automatic merge from submit-queue (batch tested with PRs 37032, 38119, 38186, 38200, 38139)

Detect long-running requests from parsed request info

Follow up to https://github.com/kubernetes/kubernetes/pull/36064

Uses parsed request info to more tightly match verbs and subresources

Removes regex-based long-running request path matching (which is easily fooled)

```release-note
The --long-running-request-regexp flag to kube-apiserver is deprecated and will be removed in a future release. Long-running requests are now detected based on specific verbs (watch, proxy) or subresources (proxy, portforward, log, exec, attach).
```
 2016-12-06 18:29:35 -08:00
Kubernetes Submit Queue
d4d6a32e9b Merge pull request #38123 from deads2k/api-48-remove-fields 
Automatic merge from submit-queue (batch tested with PRs 38194, 37594, 38123, 37831, 37084)

remove unnecessary fields from genericapiserver config

Cleans up some unnecessary fields in the genericapiserver config.
 2016-12-06 17:41:33 -08:00
deads2k
b723333be3 move APIResourceConfigSource to master 2016-12-06 10:19:25 -05:00
deads2k
6ea1d5d53d join client CA bundles into the accept path for genericapiserver 2016-12-06 09:56:13 -05:00
deads2k
fbb35b72ed update delegating auth to include front-proxy 2016-12-06 09:40:07 -05:00
deads2k
4f625db133 move client-ca to authentication args 2016-12-06 09:34:49 -05:00
Jordan Liggitt
4359054616
Detect long-running requests from parsed request info 2016-12-05 16:46:28 -05:00
deads2k
2923d09091 remove rbac super user 2016-12-05 13:49:54 -05:00
Dr. Stefan Schimanski
a4cf364dbd Replace glog.Fatals with "return fmt.Errorf" in apiservers 2016-12-05 16:05:52 +01:00
Dr. Stefan Schimanski
5b1d45bc15 Stratify certificate loading and self-sign cert generation 
This removes all dependencies on Config during cert generation, only operating
on ServerRunOptions. This way we get rid of the repeated call of Config.Complete
and cleanly stratify the GenericApiServer bootstrapping.
 2016-12-05 14:58:15 +01:00
Dr. Stefan Schimanski
eeb582e53f Move DefaultServiceIPRange into pkg/master 2016-12-03 18:34:22 +01:00
bruceauyeung
84fd2f2f76 fix glog message typo 
Signed-off-by: bruceauyeung <ouyang.qinhua@zte.com.cn>
 2016-12-01 15:24:44 +08:00
deads2k
ab9a842f3c add loopback auth defaulting to generic apiserver 2016-11-29 11:02:35 -05:00
deads2k
6846855929 add delegating authorization flags and options 2016-11-29 10:59:43 -05:00
deads2k
ca2b5f136e split authorization from main options struct 2016-11-29 10:59:43 -05:00
deads2k
7c0e48f544 split out authentication options 2016-11-29 10:59:43 -05:00
deads2k
56b7a8b02b remove some options from mega-struct 2016-11-29 10:59:43 -05:00
deads2k
18074d7606 split insecure serving options 2016-11-29 10:59:42 -05:00
deads2k
a08f3ba521 split secure serving options 2016-11-29 10:59:42 -05:00
deads2k
a9af8206cb split generic etcdoption out of main struct 2016-11-29 10:59:42 -05:00
Clayton Coleman
35a6bfbcee
generated: refactor 2016-11-23 22:30:47 -06:00
Chao Xu
643f0bbd34 other cmd/ 2016-11-23 15:53:09 -08:00
Kubernetes Submit Queue
860cae0933 Merge pull request #35488 from dixudx/keystone-ca-cert 
Automatic merge from submit-queue

specify custom ca file to verify the keystone server

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Sometimes the keystone server's certificate is self-signed, mainly used for internal development, testing and etc.

For this kind of ca, we need a way to verify the keystone server.

Otherwise, below error will occur.

> x509: certificate signed by unknown authority

This patch provide a way to pass in a ca file to verify the keystone server when starting `kube-apiserver`.

**Which issue this PR fixes** : fixes #22695, #24984

**Special notes for your reviewer**:

**Release note**:

<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->

``` release-note
```
 2016-11-08 13:13:00 -08:00
Maciej Szulik
41d88d30dd Rename ScheduledJob to CronJob 2016-11-07 10:14:12 +01:00
Di Xu
dd6c980949 specify custom ca file to verify the keystone server 2016-11-04 15:11:41 +08:00
deads2k
d82f98c9b3 remove non-generic options from genericapiserver.Config 2016-11-03 11:48:33 -04:00
deads2k
f56cbfa8d5 add healthz to genericapiserver 2016-11-01 14:39:33 -04:00
Dr. Stefan Schimanski
d0b3981f07 Make GenericApiServer.Run interruptable and fail on first listen 2016-11-01 09:50:56 +01:00
Dr. Stefan Schimanski
ab3ce27f01 Make master+federation ServerRunOptions embeddings explicit 2016-10-31 11:04:58 +01:00
Dr. Stefan Schimanski
b798527793 Rename master/options/{APIServer -> ServerRunOptions} 2016-10-31 10:55:19 +01:00