github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
88,197 Commits 1 Branch 31 Tags 1,019 MiB
652f52b51c
Commit Graph

169 Commits

Author SHA1 Message Date
Jin Hase
49b6e40461 Clean up kube-apiserver reference document 2019-12-24 21:21:06 +09:00
Jordan Liggitt
dc0e51dd18 Plumb authorization webhook version from CLI to config 2019-11-18 23:58:05 -08:00
hwdef
b3377e61de pkg/kubeapiserver: fix staticcheck warning 2019-11-14 11:24:22 +08:00
Kubernetes Prow Robot
94efa988f4
Merge pull request #84813 from deads2k/admission-feature-gates 
remove global variable dependency from admission plugins
 2019-11-12 10:23:14 -08:00
Jordan Liggitt
d54a70db5c Switch kubelet/aggregated API servers to use v1 subjectaccessreviews 2019-11-11 17:19:11 -05:00
Jordan Liggitt
5ef4fe959a Switch kubelet/aggregated API servers to use v1 tokenreviews 2019-11-11 17:19:10 -05:00
David Eads
675c2fb924 add featuregate inspection as admission plugin initializer 2019-11-08 13:07:40 -05:00
Dan Winship
afa0b808f8 Fix apiserver to advertise IPv6 endpoints if bound to IPv6 
Also rename utilnet.ChooseBindAddress() to ResolveBindAddress(), to
better describe its functionality.
 2019-11-06 11:31:43 -05:00
Jordan Liggitt
20b2439457 Feature-gate RuntimeClass informer starts 2019-10-24 01:18:07 -04:00
David Eads
6beb96261e wire up a means to dynamically reload ca bundles for kube-apiserver 2019-10-23 11:01:56 -04:00
draveness
1163a1d51e feat: update taint nodes by condition to GA 2019-10-19 09:17:41 +08:00
David Eads
5825634669 add the ability for dynamic header names in delegated authentication 2019-10-11 11:50:37 -04:00
David Eads
51195dd860 add ability to authenticators for dynamic update of certs 2019-10-01 09:50:20 -04:00
mengyang02
da072063d1 to use existing validating function 2019-09-24 20:16:17 +08:00
Tim Allclair
c6173b28a9 Enable the RuntimeClass admission controller for scheduling 2019-08-23 13:33:06 -07:00
Ted Yu
3d2bc6f6ae Constant time password comparison 2019-08-07 22:07:57 -07:00
Kubernetes Prow Robot
e4f1588352
Merge pull request #78484 from egernst/runtimeclass-admission 
Runtimeclass admission
 2019-06-28 23:35:24 -07:00
draveness
ca6003bc75 feat: cleanup PodPriority features gate 2019-06-23 11:57:24 +08:00
Eric Ernst
e8608300c2 autogenerated code update based in new plugin 
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-19 17:20:11 -07:00
Eric Ernst
2d326345f2 add RuntimeClass admission controller plugin 
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-19 17:20:11 -07:00
Kubernetes Prow Robot
98b6f35999
Merge pull request #74610 from oomichi/issue/74038-2 
Enable StorageObjectInUseProtection by default
 2019-04-16 02:11:29 -07:00
Andrew Kim
2901def8c3 delete the persistentvolume labeler controller 2019-02-26 14:23:20 -05:00
Kenichi Omichi
ede5477697 Enable StorageObjectInUseProtection by default 
StorageObjectInUseProtection plugin of admission controller adds
the flag `kubernetes.io/pvc-protection` or `kubernetes.io/pv-protection`
to newly created PVCs or PV. In case a user deletes a PVC or PV the PVC
or PV is not removed until the finalizer is removed from the PVC or PV
by PVC or PV Protection Controller.
We are testing this plugin on the e2e tests of "PV Protection" because
most setup scripts enable that like:

* cluster/centos/config-default.sh: Enabled
* cluster/gce/config-default.sh: Enabled
* cluster/gce/config-test.sh: Enabled
* cluster/kubemark/gce/config-default.sh: Enabled
* hack/local-up-cluster.sh: Enabled
* cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py: Disabled

As we are testing it normally, it is nice to enable the plugin by
default.
 2019-02-26 18:08:44 +00:00
Mike Danese
47043bcac1 enforce that cloud providers are only linked in main or app packages 2019-02-22 11:56:39 -08:00
Kubernetes Prow Robot
0ffd59e403
Merge pull request #74154 from mbohlool/gimli 
Use Request Object interfaces instead of static scheme that is more appropriate for CRDs
 2019-02-19 07:21:53 -08:00
Mehdy Bohlool
0f186323bc Update generated files 2019-02-16 13:28:48 -08:00
Mehdy Bohlool
cebb4ee2ac Remove the propagated scheme from the Admission chain 2019-02-16 13:28:47 -08:00
Marek Counts
160ed26c20 autogen files to support new project structure. 2019-02-15 10:29:31 -05:00
Marek Counts
7744f90830 Moved flag and globalflag 
Moved all flag code from `staging/src/k8s.io/apiserver/pkg/util/[flag|globalflag]` to `component-base/cli/[flag|globalflag]` except for the term function because of unwanted dependencies.
 2019-02-15 10:28:13 -05:00
Chao Xu
bed7696876 generated BUILD files 2019-01-30 13:28:48 -08:00
Chao Xu
1281243860 Remove the --storage-versions flag from kube-apiserver. 
The storage version now is solely decided by the
scheme.PrioritizedVersionsForGroup(). For cohabitating resources, the storage
version will be that of the overriding group as returned by
storageFactory.getStorageGroupResource().
 2019-01-30 13:28:48 -08:00
Jordan Liggitt
89b0b0b84b Clean up initializer-related comments, test data 2019-01-25 12:37:45 -05:00
Kubernetes Prow Robot
d654b49c0e
Merge pull request #73097 from bsalamat/fix_taint_nodes 
Add NotReady taint to new nodes during admission
 2019-01-24 23:46:23 -08:00
Bobby (Babak) Salamat
763cb708d1 Autogenerated files 2019-01-24 10:31:23 -08:00
Bobby (Babak) Salamat
c2a4d2cbdf Add a default admission controller to taint new nodes on creation. 2019-01-24 10:31:23 -08:00
Jordan Liggitt
1a15d80967 generated 2019-01-23 16:34:44 -05:00
Jordan Liggitt
dc1fa870bf Remove alpha InitializerConfiguration types, Initializers admission plugin 2019-01-23 11:37:39 -05:00
lovejoy
d437305cbf
Fix the authorization-policy-file description 
Actually this is in a format like below not a csv format
```json
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "*","apiGroup": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "ingresses","apiGroup": "extensions"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "*","apiGroup": "apiextensions.k8s.io"}}
```
 2018-12-24 14:54:34 +08:00
k8s-ci-robot
bd2cb5a72d
Merge pull request #70831 from mikedanese/securesvcacct 
add BoundServiceAccountTokenVolume feature
 2018-11-13 08:54:25 -08:00
Mike Danese
f4ff26679f add BoundServiceAccountTokenVolume feature 
* require TokenRequest to be enabled and configured
* bind ca.crt publisher to this feature rather than to TokenRequest
 2018-11-12 13:11:47 -08:00
Davanum Srinivas
954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
walter
2af982abb9 Fixes lint errors in kubeapiserver packages 
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
 2018-11-04 17:22:41 -08:00
Mike Danese
a13b48de94 default api audiences to service account token issuer if available 
This is a sane default that users can choose to migrate away from later.
 2018-10-29 16:40:06 -07:00
Mike Danese
371b1e7fed promote --service-account-api-audiences to top level kube-apiserver config 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
 2018-10-22 18:21:37 -07:00
k8s-ci-robot
cf3a930938
Merge pull request #69607 from mikedanese/audctx 
tokenreview: add APIAudiences config to generic API server and augment context
 2018-10-15 19:03:43 -07:00
k8s-ci-robot
793b8752d1
Merge pull request #68777 from stewart-yu/patch-1 
remove unneed parameter in test struct
 2018-10-12 16:01:23 -07:00
Mike Danese
21fd8f2041 tokenreview: add APIAudiences config to generic API server and augment context 2018-10-09 22:47:10 -07:00
Christoph Blecker
97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
Stewart-YU
5ef8e41215 remove unneed parameter in test struct 
remove unneed parameter in test struct
 2018-09-26 08:59:42 +08:00
Chao Xu
1fb6b5aa69 Deprecation notice of storage-versions flag 2018-08-30 19:45:43 -07:00