github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
88,197 Commits 1 Branch 31 Tags 1,019 MiB
652f52b51c
Commit Graph

22 Commits

Author SHA1 Message Date
Ted Yu
cdc1b71bde WithAuthentication should wrap WithMaxInFlightLimit 2019-09-19 13:39:49 -07:00
David Eads
f589c1213c add cache-control headers to kube-apiserver 2019-08-26 13:00:31 -04:00
SataQiu
64193630a7 cleanup: move the comment to its place 2019-05-23 12:29:12 +08:00
Mike Danese
21fd8f2041 tokenreview: add APIAudiences config to generic API server and augment context 2018-10-09 22:47:10 -07:00
walter
6990a6392a Cleaned up lint errors in pkg/kubeapiserver/server. 2018-09-26 23:12:30 -07:00
Dr. Stefan Schimanski
8aa0eefce8 kube-controller-manager: disable authn/z on insecure port 
This is the old behaviour and we did not intent to change it due to enabled authn/z in general.
As the kube-apiserver this sets the "system:unsecured" user info.
 2018-08-30 20:17:29 +02:00
Marian Lobur
3f730d4c25 Remove deprecated legacy audit logging code. 2018-08-23 12:08:54 +02:00
Dr. Stefan Schimanski
d787213d1b kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 2018-08-17 08:56:47 +02:00
Dr. Stefan Schimanski
1575e17365 kube-apiserver: drop unused loopback token in insecure mode 2018-07-04 19:15:11 +02:00
Jordan Liggitt
8ea88a5092
Remove request context mapper 2018-04-18 17:03:31 -04:00
Dr. Stefan Schimanski
9f906618f0 apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
hzxuzhonghu
6ba30f678c pass listener to genericapiserver 2017-11-21 11:00:15 +08:00
hzxuzhonghu
db4f0de280 gracefully shutdown apiserver after all non-long running requests finish 2017-11-10 14:06:52 +08:00
Dr. Stefan Schimanski
f6a89df3fb Revert "audit backend run shutdown gracefully after http handler finish" 
This reverts commit f42686081b.
 2017-10-30 15:26:51 +01:00
hzxuzhonghu
f42686081b audit backend run shutdown gracefully after http handler finish 2017-10-28 15:03:38 +08:00
Joe Betz
cb764756c6 Add --request-timeout to allow the global request timeout of 60 seconds to be configured. 2017-08-28 13:42:43 -07:00
Tim St. Clair
a5de309ee2
Implement audit policy logic 2017-05-25 07:38:07 -07:00
Dr. Stefan Schimanski
0b5bcb0219 audit: add audit event to the context and fill in handlers 2017-05-23 11:20:14 +02:00
Kubernetes Submit Queue
67f2a7cc00 Merge pull request #43888 from liggitt/unsecured-port-user 
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)

Avoid nil user special-casing in unsecured endpoint

The unsecured handler currently adds no `user.Info` to the request context.  That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions. 

This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer

I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
 2017-04-11 12:18:24 -07:00
deads2k
b73cddb227 only log stacks on server errors 2017-04-10 07:57:43 -04:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint 2017-03-31 13:28:59 -04:00
deads2k
cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00