github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,398 Commits 1 Branch 31 Tags 1,019 MiB
ae7b13d40e
Commit Graph

116 Commits

Author SHA1 Message Date
k8s-merge-robot
f867ba3ba1 Merge pull request #13682 from ryfow/block-startup-for-cert 
Auto commit by PR queue bot
 2015-09-10 00:24:23 -07:00
k8s-merge-robot
434f05c0e3 Merge pull request #13705 from liggitt/attach 
Auto commit by PR queue bot
 2015-09-09 18:19:35 -07:00
k8s-merge-robot
45742e885c Merge pull request #13452 from aveshagarwal/master-api-rate-burst-remove 
Auto commit by PR queue bot
 2015-09-09 00:42:59 -07:00
Jordan Liggitt
b2268574c5 Add pods/attach to long running requests, protect in admission for privileged pods 2015-09-09 00:49:00 -04:00
k8s-merge-robot
015389eba1 Merge pull request #13672 from jayunit100/apiserver-cert-doc 
Auto commit by PR queue bot
 2015-09-08 11:42:28 -07:00
Ryan Fowler
d22a29cf66 Block apiserver startup on certificate 
With some regularity, if the root certificate file needs to be generated
the apiserver could come up on the non-secure port before the cert
was generated.

`hack/local-up-cluster.sh` requires that apiserver.crt exists
before the replication controller starts. Otherwise service accounts
and secrets don't work.

This change just takes the certificate handling code out of the `go`.
 2015-09-08 11:35:32 -05:00
jay vyas
4283201aea [minor] cert file cmd line string fix 2015-09-08 09:50:15 -04:00
Ruddarraju, Uday Kumar Raju
f8d6f13f7c Union of authorizers 2015-09-04 11:04:50 -07:00
derekwaynecarr
ab1f4c5c2c Fix typo in api server flag 2015-09-04 11:38:36 -04:00
Avesh Agarwal
f0d0e2a089 Remove unused api-rate and api-burst params. 2015-09-03 17:57:35 -04:00
Timothy St. Clair
2145371c45 Plumb through configuration option to disable watch cache 
because we are seeing anomolies on our cluster.
 2015-08-28 12:36:40 -05:00
Yu-Ju Hong
3bc2157889 Merge pull request #13100 from pweil-/cap-priv-sources 
use privileged source object
 2015-08-25 16:10:50 -07:00
Yifan Gu
aca6368e3c plugin/oidc: add minor documentation details. 2015-08-24 15:25:26 -07:00
Paul Weil
709e654686 use privileged source object 2015-08-24 16:53:43 -04:00
Yifan Gu
6376e41850 plugin/pkg/auth: add OpenID Connect token authenticator. 
Also add related new flags to apiserver:
"--oidc-issuer-url", "--oidc-client-id", "--oidc-ca-file", "--oidc-username-claim",
to enable OpenID Connect authentication.
 2015-08-21 15:27:08 -07:00
Saad Ali
c1a2c6dee7 Merge pull request #10713 from thockin/no-localhost-endpoints 
Check loopback and link-local multicast endpoints
 2015-08-19 12:48:33 -07:00
gmarek
3c907b33e1 Remove external function setting Kubelet flags 2015-08-19 13:20:41 +02:00
Tim Hockin
86f4535871 Check loopback and link-local multicast endpoints 
Previously we just disallowed link-local (unicast).  This disallows loopback
and link-local multicast.
 2015-08-18 21:50:27 -07:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Bin Wang
0547c52c2c Enforce specified service-cluster-ip-range is not too large 2015-08-18 10:35:21 +08:00
Eric Paris
347c7b5b82 Mark some flags as deprecated so thus don't show up in help 2015-08-14 19:28:03 -04:00
Ruddarraju, Uday Kumar Raju
937db3f70d Keystone authentication plugin 2015-08-13 09:46:30 -07:00
Eric Paris
1333fad22a Remove BindClientConfigFlags entirely 
They are unused.
 2015-08-11 16:26:24 -04:00
Alex Robinson
11fcd3bb39 Merge pull request #12478 from eparis/use-pflag-network 
Use pflags for net.IP and net.IPNet instead of custom flag types
 2015-08-10 11:55:54 -07:00
Eric Paris
f3282ff4d2 Use pflag IPNet instead of our own helpers 
Since pflag can handle net.IPNet arguements use that code. This means
that our code no longer has casts back and forth and just natively uses
net.IPNet.
 2015-08-10 10:15:08 -04:00
Eric Paris
fe6b633e2a Convert for util.IP to just use a net.IP 
pflag can handle IP addresses so use the pflag code instead of doing it
ourselves. This means our code just uses net.IP and we don't have all of
the useless casting back and forth!
 2015-08-10 10:15:05 -04:00
Veres Lajos
9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Eric Paris
7cbb52ce04 Use the pflag StringSlice instead of implementing it ourselves 
Saves code and makes our code easier to read because we just use normal
[]string instead of custom type.
 2015-08-06 19:16:13 -04:00
Mike Danese
17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Muhammed Uluyol
58a875ac2c Add (stopgap) support for an experimental API prefix. 2015-07-30 18:14:29 -07:00
Wojciech Tyczynski
99d6b0e9f4 Rename storage interfaces 2015-07-30 10:34:57 +02:00
Wojciech Tyczynski
d17985f1ad Move StorageInterface to pkg/storage. 2015-07-30 09:32:04 +02:00
Brendan Burns
99b02bfe73 Add optional throttling to the proxy/exec/attach methods 2015-07-29 13:51:20 -07:00
Marek Grabowski
7cc1855c27 Merge pull request #11806 from wojtek-t/private_etcd_helper 
Make EtcdHelper private - expose only StorageInterface
 2015-07-27 11:21:28 +02:00
Marek Grabowski
00cd52dd68 Merge pull request #10656 from krousey/timeouts 
Adding proper timeouts.
 2015-07-27 10:56:58 +02:00
Wojciech Tyczynski
9d943df397 Private EtcdHelper 2015-07-27 09:20:13 +02:00
Mike Danese
859f440f74 Merge pull request #11666 from wojtek-t/refactor_etcd_helper 
Extract EtcdHelper interface
 2015-07-24 11:07:46 -07:00
Mike Danese
ae1c8e55ef Merge pull request #11737 from thockin/cleanup-remove-v1beta3 
Remove v1beta3
 2015-07-24 10:25:56 -07:00
Wojciech Tyczynski
fdb3f45077 Extract EtcdHelper interface 2015-07-24 09:28:02 +02:00
Vish Kannan
2a5a6b99cb Merge pull request #10635 from smarterclayton/cloud_provider_should_err 
Cloud provider should return an error
 2015-07-23 17:50:45 -07:00
Tim Hockin
1c3233a1d4 Remove v1beta3 2015-07-23 17:21:27 -07:00
Wojciech Tyczynski
ee92aa3897 Prepare for extracting EtcdHelper interface 2015-07-23 09:37:39 +02:00
Kris Rousey
1d033b9912 Adding proper timeouts. 2015-07-10 14:42:59 -07:00
nikhiljindal
c465a50891 Stop exposing v1beta3 by default 2015-07-08 15:27:41 -07:00
Eric Paris
cde68d294b Do not create subject alt dns names for kubelet self signed certs 
PR #10643 Started adding the dns names for the kubernetes master to self
sign certs which were created. The kubelet uses this same code, and thus
the kubelet cert started saying it was valid for these name as well.
While hardless, the kubelet cert shouldn't claim to be these things. So
make the caller explicitly list both their ip and dns subject alt names.
 2015-07-04 23:01:01 -04:00
Eric Paris
7a29af4d2c Add Subject Alt Names to self signed apiserver certs 
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master

A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc

So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
 2015-07-01 17:05:17 -04:00
Clayton Coleman
d8bb4552de Cloud provider should return an error 
Not fatal - makes cloud provider useful in methods that
can return error.
 2015-07-01 14:41:49 -04:00
Aaron Levy
e991a1543f Use blank default for old-etcd-prefix 2015-06-26 18:19:40 -07:00
Jordan Liggitt
64d61185eb Re-enable ECDSA private server key use 2015-06-16 23:03:29 -04:00