github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,391 Commits 1 Branch 31 Tags
62c444b484e732b2f8a2b2a114481b1cda5b27a5
Commit Graph

444 Commits

Author SHA1 Message Date
bells17
62c444b484 Fix Priority plugin comment 2021-07-13 20:37:05 +09:00
David Ashpole
9dd59017c4 add tracing to webhook requests 2021-07-09 06:30:05 -07:00
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Mengjiao Liu
c694b9f761 CronJob: switch storage version to batch/v1 in 1.22 2021-05-27 18:07:16 +08:00
Gautier Delorme
34b0fcef5f remove go-openapi/spec 
Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
 2021-04-21 11:31:49 +02:00
Shihang Zhang
925900317e allow multiple of --service-account-issuer 2021-04-19 09:54:11 -07:00
Kubernetes Prow Robot
7f200cb75b Merge pull request #100868 from enj/enj/f/oidc_controller 
oidc authenticator: make library usage easier
 2021-04-10 19:04:20 -07:00
Kubernetes Prow Robot
42a4953c6e Merge pull request #100186 from yangjunmyfm192085/run-test28 
test: fix the error case of TestAuthenticationValidate
 2021-04-08 20:28:34 -07:00
Kubernetes Prow Robot
26fba1403b Merge pull request #99528 from pandaamanda/apiserver_validation_code_optimization 
fix log message and optimize log format check logic
 2021-04-08 14:28:34 -07:00
Monis Khan
5dd4c89df3 oidc authenticator: allow passing in CA via bytes 
This change updates the OIDC authenticator code to use a subset of
the dynamiccertificates.CAContentProvider interface to provide the
root CA bytes.  This removes the hard dependency on a file based CA
and makes it easier to use this code as a library.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-04-06 15:46:00 -04:00
JunYang
4e72e41387 test: fix the error of TestAuthenticationValidate 
Signed-off-by: JunYang <yang.jun22@zte.com.cn>
 2021-03-12 23:10:21 +08:00
Patrick Ohly
a94c141060 CSIStorageCapacity: promote API to beta 
The v1alpha1 API is left in place for now to ease the migration.
 2021-03-08 20:52:50 +01:00
xiongzhongliang
4a24a08f93 Optimize some codes 2021-03-05 18:23:39 +08:00
Jordan Liggitt
4515889574 Prefer v1 storage versions 2021-03-02 12:06:13 -05:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Shihang Zhang
cbf6e38bbd move RootCAConfigMap to ga 2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot
1119a505ac Merge pull request #98669 from liggitt/denyexec 
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
 2021-02-02 06:52:28 -08:00
Jordan Liggitt
3579f88e4d Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission 2021-02-01 16:55:22 -05:00
Michael Taufen
6aa80d9172 Graduate ServiceAccountIssuerDiscovery to GA 
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
 2021-02-01 11:44:23 -08:00
Tim Hockin
a8299079a5 Add denyserviceexternalips admission 2020-12-29 10:00:11 -08:00
Tim Hockin
02b77861ec Move defaultingressclass admission to net subdir 2020-12-28 09:58:30 -08:00
KeZhang
3562806d2d cleanup unused code for kubeapiserver 2020-12-09 09:29:34 +08:00
Jordan Liggitt
afd92b3b3e Revert "plumb context with request deadline" 
This reverts commit 83f869ee13.
 2020-11-19 18:15:04 -05:00
Abu Kashem
83f869ee13 plumb context with request deadline 
- as soon as a request is received by the apiserver, determine the
timeout of the request and set a new request context with the deadline.
- the timeout filter that times out non-long-running requests should
use the request context as opposed to a fixed 60s wait today.
- admission and storage layer uses the same request context with the
deadline specified.
 2020-11-14 11:54:17 -05:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Kubernetes Prow Robot
40ef0ad6e9 Merge pull request #95002 from p0lyn0mial/upstream-supress-err-conn-killed 
stop logging killing connection/stream because serving request timed out and response had been started
 2020-11-10 12:37:51 -08:00
Maciej Borsz
4d81f7e129 Improve observability of node authorizer: 
* Adding some metrics to the graph
* Adding log message when node authorizer has synced

Change-Id: I3447d6bc389a0b82ded1db2a7a4ae41d79486c2b
 2020-11-10 08:40:46 +01:00
Lukasz Szaszkiewicz
057986e32c stops puting a stacktrace of aborted requests in the logs 
Aborted requests are the ones that were disrupted with http.ErrAbortHandler.
For example, the timeout handler will panic with http.ErrAbortHandler when a response to the client has been already sent
and the timeout elapsed.

Additionally, a new metric requestAbortsTotal was defined to count aborted requests. The new metric allows for aggregation for each group, version, verb, resource, subresource and scope.
 2020-11-09 09:23:40 +01:00
Kubernetes Prow Robot
8d6829fe1e Merge pull request #95896 from zshihang/flag 
make flags of TokenRequest required
 2020-11-05 18:36:50 -08:00
Shihang Zhang
a5021a4ddf make flags of TokenRequest required 2020-11-05 10:40:56 -08:00
Shihang Zhang
4c593b268a default service-account-extend-token-expiration to true 2020-11-05 09:07:01 -08:00
Shihang Zhang
d40f0c43c4 separate RootCAConfigMap from BoundServiceAccountTokenVolume 2020-11-04 17:10:39 -08:00
Kubernetes Prow Robot
d16112f76c Merge pull request #96052 from wojtek-t/fix_watchcache_size 
Disable watchcache for events
 2020-11-02 07:30:53 -08:00
Abu Kashem
c09828e47d thorw error if webhook retry backoof is not specified 2020-11-01 10:22:20 -05:00
Abu Kashem
53a1307f68 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
wojtekt
5a8f94cb30 Disable watchcache for events 2020-10-31 19:51:33 +01:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Andrew Sy Kim
a0aebf96ec apiserver: support egress selection name 'controlplane' and deprecate 'master' 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-10-26 10:24:16 -04:00
Kubernetes Prow Robot
e7b9453972 Merge pull request #93537 from timuthy/enhancement.move-resourcequota 
Move ResourceQuota admission to k8s.io/apiserver lib
 2020-09-15 12:26:58 -07:00
David Eads
c0c033b12f generated 2020-09-14 09:24:41 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Tim Usner
70d440bc7e Move ResourceQuota admission to k8s.io/apiserver 2020-09-04 14:53:52 +02:00
yiduyangyi
e6c4633232 fix golint failures in pkg/kubeapiserver/options, fix some incorrect replace of receiver name 2020-07-23 19:02:07 +08:00
yiduyangyi
0520d75838 fix golint failures in pkg/kubeapiserver/options, rename receiver name of BuiltInAuthorizationOptions to o 2020-07-23 18:52:15 +08:00
yiduyangyi
e441c07fe2 fix golint failures in pkg/kubeapiserver/options, use API Server in commemts instead of APIServer 2020-07-23 18:41:37 +08:00
yiduyangyi
e2838df7c7 fix golint failures in pkg/kubeapiserver/options 2020-07-15 16:03:08 +08:00
Patrick Ohly
22aeb81e84 CSIStorageCapacity: CSIStorageCapacity API 
This adds the CSIStorageCapacity API change for
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1472-storage-capacity-tracking
 2020-07-03 21:54:14 +02:00
Jordan Liggitt
e5e557e902 apiserver: add API server plumbing for adding warnings 2020-06-11 16:04:19 -04:00
Davanum Srinivas
07d88617e5 Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00