github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
111,541 Commits 1 Branch 31 Tags 1,019 MiB
c84c27b6ac
Commit Graph

170 Commits

Author SHA1 Message Date
danielqsj
5bc0e26c19 unify alias of api errors under pkg and staging 2019-12-26 16:42:28 +08:00
yuxiaobo
81e9f21f83 Correct spelling mistakes 
Signed-off-by: yuxiaobo <yuxiaobogo@163.com>
 2019-11-06 20:25:19 +08:00
Mike Danese
6a004d0c18 support URI SANs in local signer 2019-11-04 10:56:06 -08:00
Mike Danese
fe51712288 refactor into seperate authority package 2019-11-04 10:56:06 -08:00
Mike Danese
4bd2c3998f don't use cfssl in signer 2019-11-04 10:56:06 -08:00
Ryan Phillips
f87da3fdfa fixes for tests to pass with FIPS compiler 
* use P256 ECDSA key since P224 is not supported
* regen test certs to be 2048bits
 2019-10-30 10:10:11 -05:00
wojtekt
7b6bcdf780 Autogenerated code 2019-10-24 20:21:00 +02:00
Yassine TIJANI
c1487840bc move util/metrics to component-base 
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
 2019-10-08 14:42:31 +02:00
David Eads
e8b5781499 add identification for particular certificate controllers 2019-09-03 14:05:04 -04:00
Yassine TIJANI
7e4c3096fe move WaitForCacheSync to the sharedInformer package 
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
 2019-08-22 16:13:41 +01:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations 
Part of https://github.com/kubernetes/kubernetes/issues/15863
 2019-07-20 18:26:16 -04:00
SataQiu
3c35e4e2d6 fix golint failures of pkg/controller/certificates/approver 2019-05-02 10:37:38 +08:00
stewart-yu
ecbd5427e7 auto-generated file 2019-03-02 12:55:26 +08:00
stewart-yu
e01ff1641c move config local to every controllers in kube-controller-manager 2019-03-02 12:54:33 +08:00
Jordan Liggitt
d1e865ee34 Update client callers to use explicit versions 2019-02-26 08:36:30 -05:00
Kubernetes Prow Robot
9fcbf02dca
Merge pull request #74044 from danielqsj/dr 
fix the disruption-recheck metrics register error
 2019-02-21 20:51:01 -08:00
danielqsj
687d759e36 fix more metrics rergister errors 2019-02-22 10:20:09 +08:00
Kubernetes Prow Robot
808f2cf0ef
Merge pull request #72525 from justinsb/owners_should_not_be_executable 
Remove executable file permission from OWNERS files
 2019-02-14 23:55:45 -08:00
Kubernetes Prow Robot
b50c643be0
Merge pull request #73540 from rlenferink/patch-5 
Updated OWNERS files to include link to docs
 2019-02-08 09:05:56 -08:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
David Eads
179dc4ca43 csr signer has no need to sign certificates for a duration longer than the signer itself 2019-02-04 13:22:17 -05:00
Justin SB
dd19b923b7
Remove executable file permission from OWNERS files 2019-01-11 16:42:59 -08:00
k8s-ci-robot
1a9fd268a9
Merge pull request #71005 from mikedanese/certpubfix 
rootcacertpublisher: trigger resync on namespace add and update
 2018-11-14 11:38:07 -08:00
WanLinghao
fb3d1caf9b fix a typo error imported by https://github.com/kubernetes/kubernetes/pull/68812 2018-11-13 13:23:10 -08:00
Mike Danese
bf02f55147 rootcacertpublisher: trigger resync on namespace add and update 
Last cleanup was a bit overzealous.
 2018-11-13 11:38:45 -08:00
Mike Danese
206f5892a7 combine syncs in rootcacertpublisher 
and some misc simplifications.
 2018-11-11 11:29:32 -08:00
Davanum Srinivas
954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
Mike Danese
1469bb413e finish controller name change and don't double check feature flag 2018-11-08 15:51:49 -08:00
k8s-ci-robot
3f5db92840
Merge pull request #68812 from WanLinghao/token_projection_ca_secret_create 
Create Ca-certificate configmap  used by token projected volume
 2018-11-08 10:57:25 -08:00
WanLinghao
efac533f92 To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace. 
This patch add a controller called "root-ca-cert-publisher" to complete above job as well as some bootstrap rbac policies.
 2018-11-08 11:33:47 +08:00
Jordan Liggitt
4ebe084376 certificates subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Guoliang Wang
b1ac6df4dc remove unused code of (pkg/controller) 2018-10-09 08:15:30 +08:00
chentao1596
e640e76a8a UT case of certificate_controller 2018-07-14 16:40:08 +08:00
Cao Shufeng
855842c468 optimize certificate cleaner 
No need to parse certificates for every conditions
 2018-07-12 18:59:03 +08:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Kubernetes Submit Queue
7eb88f11d2
Merge pull request #59727 from wgliang/master.time 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

should use time.Since instead of time.Now().Sub

**What this PR does / why we need it**:
should use time.Since instead of time.Now().Sub

**Special notes for your reviewer**:
 2018-05-10 20:29:40 -07:00
Andrew Lytvynov
ff85d34d4e Add awly as reviewer in several subtrees 2018-04-18 12:22:04 -07:00
Mike Danese
7665f15b7d sarapprover: remove self node cert 
The functionality to bootstrap node certificates is ready but is blocked
by a seperable issue discussed in:
https://github.com/kubernetes/community/pull/1982. The functionality
could be useful for power users who want to write their own approvers if
the feature could be promoted to beta. In it's current state this
feature doesn't help anybody.

I propose that we remove automated approval of node serving certificates
for now and work towards getting the node functionality to beta.
 2018-04-13 11:23:51 -07:00
Wang Guoliang
89669283fe should use time.Since instead of time.Now().Sub 2018-04-10 12:05:51 +08:00
Mikhail Mazurskiy
468655b76a
Use typed events client directly 2018-04-01 18:57:29 +10:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Kubernetes Submit Queue
e740fe68c5
Merge pull request #58264 from WanLinghao/log_fix 
Automatic merge from submit-queue (batch tested with PRs 59441, 58264, 59287, 59396, 59439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

	fix some log param error

this patch fix some log parameter mistakes.



**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note 
/release-note-none
```
 2018-02-06 20:27:36 -08:00
WanLinghao
70ef581ecc fix some log param error 
modified:   pkg/cloudprovider/providers/vsphere/vsphere_util.go
	modified:   pkg/controller/certificates/cleaner/cleaner.go
	modified:   pkg/controller/volume/pvcprotection/pvc_protection_controller.go
	modified:   pkg/volume/azure_dd/azure_mounter.go
 2018-01-26 12:16:00 +08:00
Jordan Liggitt
4b9f00988b
Switch from juju/ratelimit to golang.org/x/time/rate 2018-01-19 11:48:52 -05:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Mike Danese
0e0f8346e7 sarapprover: increase base delay of per item rate limit 
from 5 miliseconds to 1 second
 2017-11-16 11:27:06 -08:00
Mike Danese
302fe7c0c8 sarapprover: ignore authz errors 2017-11-16 11:27:05 -08:00
supereagle
b694d51842 use versiond group clients from client-go 2017-11-07 14:47:22 +08:00
hzxuzhonghu
ddbbbfceff remove redundant code 2017-10-27 15:49:08 +08:00
Mike Danese
1181a88cf2 certs: remove always nil error from New signature 2017-10-23 11:43:08 -07:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Kubernetes Submit Queue
0ba7c52b8c Merge pull request #53458 from dims/fix-pkg-cmd-dependencies 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix pkg/ depends on cmd/ problems

**What this PR does / why we need it**:

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

Partial fix for https://github.com/kubernetes/kubernetes/issues/53341

**Special notes for your reviewer**:
No logic changes, Just moving things around

**Release note**:

```release-note
NONE
```
 2017-10-13 23:56:55 -07:00
Davanum Srinivas
6d5e1d2bea Drop cmd/gke-certificates-controller from bazel build script 2017-10-13 07:06:21 -04:00
Jacob Simpson
2a6099b8f9 New controller to GC CSRs. 2017-10-04 14:45:32 -07:00
Dr. Stefan Schimanski
1d053c4f7c controllers: simplify deepcopy calls 2017-08-29 19:21:24 +02:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Kubernetes Submit Queue
319bef285a Merge pull request #49788 from mikedanese/resync-csr 
Automatic merge from submit-queue (batch tested with PRs 49615, 49321, 49982, 49788, 50355)

csr: add resync to csr approver

fixes https://github.com/kubernetes/kubernetes/issues/49787

```release-note
Fix an issue where if a CSR is not approved initially by the SAR approver is not retried.
```
 2017-08-09 23:56:05 -07:00
Mike Danese
cb56558531 csr: add resync to csr approver 2017-08-09 11:47:08 -07:00
Davanum Srinivas
9a761b16c1 Add missing UID in SubjectAccessReviewSpec 
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.
 2017-08-02 10:49:02 -04:00
Jacob Simpson
29c1b81d4c Scripted migration from clientset_generated to client-go. 2017-07-17 15:05:37 -07:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
cde4772928 run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles 2017-06-22 11:30:52 -07:00
Jacob Simpson
334de1cbe1 Auto approve kubelet certificate signing requests. 2017-06-16 08:47:12 -07:00
Slava Semushin
418cf3710c Improve error reporting by including file name in the message. 2017-06-06 17:47:11 +02:00
Mike Danese
66b4b99616 migrate group approver to use subject access reviews 2017-05-30 11:43:03 -07:00
Kubernetes Submit Queue
b7ebdfa978 Merge pull request #46383 from mikedanese/fix-flake 
Automatic merge from submit-queue (batch tested with PRs 46383, 45645, 45923, 44884, 46294)

fix certificates flake

Fixes https://github.com/kubernetes/kubernetes/issues/46365
Fixes https://github.com/kubernetes/kubernetes/issues/46374
 2017-05-26 12:57:58 -07:00
Mike Danese
bbe1e9caa4 fix certificates flake 2017-05-26 11:03:45 -07:00
Jacob Simpson
07e9b0e197 Add support for specifying certificate duration at runtime. 2017-05-24 13:29:46 -07:00
Mike Danese
f04ce3cfba refactor certificate controller 2017-05-23 15:25:58 -07:00
Chao Xu
958903509c bazel 2017-04-27 09:41:53 -07:00
Chao Xu
3fa7b7824a easy changes 2017-04-27 09:41:53 -07:00
Mike Danese
a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Andy Goldstein
e63fcf708d Make controller Run methods consistent 
- startup/shutdown logging
- wait for cache sync logging
- defer utilruntime.HandleCrash()
- wait for stop channel before exiting
 2017-04-14 07:27:45 -04:00
deads2k
fd34b11e13 react to informer updates 2017-02-13 09:18:32 -05:00
deads2k
a86fabb9d2 regenerate informers 2017-02-13 07:59:34 -05:00
Jacob Beacham
7682aa53b1 Allow the CertificateController to use any Signer implementation. 
This will allow developers to create CertificateControllers with
arbitrary Signers, instead of forcing the use of CFSSLSigner.
 2017-02-10 14:26:45 -08:00
Andy Goldstein
e5fc73a4f1 Switch CSR controller to use shared informer 2017-02-08 11:01:34 -05:00
Mike Danese
e34351f715 refactor approver and signer interfaces to be consisten w.r.t. apiserver interaction 
This makes it so that only the controller loop talks to the
API server directly. The signatures for Sign and Approve also
become more consistent, while allowing the Signer to report
conditions (which it wasn't able to do before).
 2017-02-02 11:23:52 -08:00
deads2k
8a12000402 move client/record 2017-01-31 19:14:13 -05:00
deads2k
2c1c0f3f72 move workqueue to client-go 2017-01-30 09:08:21 -05:00
deads2k
b0b156b381 make tools/cache authoritative 2017-01-25 08:29:45 -05:00
deads2k
5a8f075197 move authoritative client-go utils out of pkg 2017-01-24 08:59:18 -05:00
Clayton Coleman
9009c1ac14
generated: informer,client 2017-01-23 17:52:47 -05:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k
1ce0637b27 move listers out of cache to reduce import tree 2017-01-20 15:01:38 -05:00
deads2k
ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
Mike Danese
44b7246568 autogenerated 2017-01-19 14:24:45 -08:00
Mike Danese
96c146c8f2 promote certificates.k8s.io to beta 2017-01-19 13:13:20 -08:00
Dr. Stefan Schimanski
918868b115 genericapiserver: cut off certificates api dependency 2017-01-16 14:10:59 +01:00
Klaus Ma
25fe1e0d82 Made cache.Controller to be interface. 2017-01-13 13:33:23 +08:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Mike Danese
d2032fd83c kubelet: request client auth certificates from certificate API. 2017-01-10 17:57:39 -08:00
Mike Danese
bc52211304 add unit tests for the signer 2017-01-09 14:00:08 -08:00
Mike Danese
19871dfb28 autogenerated 2017-01-09 13:24:28 -08:00
Mike Danese
fb099ae385 certificates: support allowed usage 2017-01-09 13:22:52 -08:00
NickrenREN
639572ac68 fix redundant alias and remove unused function 2017-01-09 17:13:09 +08:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Chao Xu
03d8820edc rename /release_1_5 to /clientset 2016-12-14 12:39:48 -08:00
Kubernetes Submit Queue
8abbedae54 Merge pull request #38315 from mikedanese/pin-gazel 
Automatic merge from submit-queue

Pin gazel to a version and support cgo

This fixes the bazel build.

@krousey who is buildcop
 2016-12-12 19:32:29 -08:00