github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
67,465 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

46 Commits (3710ce35613331c4e08d9245abb4b6a605e178b8)

Author SHA1 Message Date
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
Monis Khan 300751393b
Use a dynamic RESTMapper for admission plugins 
This change updates the REST mapper used by all admission plugins to
be backed by cached discovery information.  This cache is updated
every ten seconds via a post start hook and will not attempt to
update on calls to RESTMapping.  It solely relies on the hook to
keep the cache in sync with discovery.

This prevents issues with the OwnerReferencesPermissionEnforcement
admission plugin when it is used with custom resources that set
blockOwnerDeletion.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2018-04-17 09:59:41 -04:00
Dr. Stefan Schimanski 0bb9261eb8 sample-apiserver: add v1beta1 with advanced conversion example from v1alpha1 2018-04-17 11:43:58 +02:00
Dr. Stefan Schimanski 9f906618f0 apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
hzxuzhonghu 8cce8bdc85 make kube-apiserver ServerRunOptions setdefault and Validate before use 2018-04-04 11:19:55 +08:00
hzxuzhonghu 4c26831147 apiserver's webhook admission use its own scheme 2018-04-03 20:42:38 +08:00
hzxuzhonghu 755df0461d validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-26 20:37:02 +08:00
hzxuzhonghu a6c43c6a5c pass listener in integration test to prevent port in use flake 2018-02-13 20:46:43 +08:00
Jordan Liggitt 18d0b70e2c
Fix TestAggregatedAPIServer setup 2017-11-27 11:17:55 -05:00
Dr. Stefan Schimanski d99c7df360 kube-aggregator: use shared informers from RecommendedConfig 2017-09-08 16:12:54 +02:00
Dr. Stefan Schimanski 2b64d3a0fd apiserver: split core API creation from secure serving 2017-09-08 14:38:11 +02:00
Dr. Stefan Schimanski ca3f745346 apiserver: stratify versioned informer construction 2017-09-08 14:16:09 +02:00
Mike Danese 8e23c656ca add testmain setup func to the integration framework 2017-07-12 17:34:55 -07:00
deads2k 0801ded425 remove dead code 2017-07-07 09:12:29 -04:00
p0lyn0mial 113e9ba1d3 Introducing a cluster-scoped resource in the wardle.k8s.io group. 
The cluster scoped resource has a field that indicates Flunder.Names that are disallowed.
The resource is going to be used by an admission plugin.
The admission plugin will list the cluster-scope resources and check against banned names.

Issue: #47868
 2017-07-04 15:43:45 +02:00
deads2k f525c0815e restore working aggregator and avoid duplicate informers 2017-06-21 15:14:59 -04:00
Daniel Smith 51562445de fix test 2017-06-19 11:17:41 -07:00
deads2k 963c85e1c8 sort current API versions and fallback for others 2017-06-14 09:29:44 -04:00
Dr. Stefan Schimanski 342a8fc657 kube-apiserver: cleanup node proxy setup code 2017-06-08 18:20:16 +02:00
Kubernetes Submit Queue f28fe811ad Merge pull request #46680 from cheftako/aggregate 
Automatic merge from submit-queue (batch tested with PRs 46681, 46786, 46264, 46680, 46805)

Enable Dialer on the Aggregator

Centralize the creation of the dialer during startup.
Have the dialer then passed in to both APIServer and Aggregator.
Aggregator the uses the dialer as its Transport base.

**What this PR does / why we need it**:Enables the Aggregator to use the Dialer/SSHTunneler to connect to the user-apiserver.

**Which issue this PR fixes** : fixes ##46679

**Special notes for your reviewer**:

**Release note**: None
 2017-06-03 21:16:46 -07:00
Walter Fender 5b3f4684ed Enable Dialer on the Aggregator 
Centralize the creation of the dialer during startup.
Have the dialer then passed in to both APIServer and Aggregator.
Aggregator the sets the dialer on its Transport base.
This should allow the SSTunnel to be used but also allow the Aggregation
Auth to work with it.
Depending on Environment InsecureSkipTLSVerify *may* need to be set to
true.
Fixed as few tests to call CreateDialer as part of start-up.
 2017-06-01 00:05:02 -07:00
Anthony Yeh ba59e14d44
Add TPR to CRD migration helper. 2017-05-31 19:07:38 -07:00
deads2k 446e959bf7 make CRD apiservice controller 2017-05-22 08:54:14 -04:00
deads2k 75bd27a595 remove unnessary confusion of dead values 2017-05-17 07:15:29 -04:00
mbohlool e2f20a3539 Promote apiregistration from v1alpha1 to v1beta1 2017-05-15 15:34:33 -07:00
deads2k be39283923 plumb stopch to post start hook index since many of them are starting go funcs 2017-05-11 09:16:13 -04:00
Kubernetes Submit Queue 4159cb57b6 Merge pull request #42835 from deads2k/server-01-remove-insecure 
Automatic merge from submit-queue (batch tested with PRs 42835, 42974)

remove legacy insecure port options from genericapiserver

The insecure port has been a source of problems and it will prevent proper aggregation into a cluster, so the genericapiserver has no need for it.  In addition, there's no reason for it to be in the main kube-apiserver flow either.  This pull removes it from genericapiserver and removes it from the shared kube-apiserver code.  It's still wired up in the command, but its no longer possible for someone to mess up and start using in mainline code.

@kubernetes/sig-api-machinery-misc @ncdc
 2017-03-27 17:00:21 -07:00
deads2k cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00
deads2k 3414231672 proxy to IP instead of name, but still use host verification 2017-03-27 12:33:03 -04:00
deads2k 8e26fa25da wire in aggregation 2017-03-27 09:44:10 -04:00
deads2k b27de102cb add local option to APIService 2017-03-13 10:10:50 -04:00
Maru Newby 82dc083016 test/integration: Make localPort reusable as FindFreeLocalPort 2017-03-08 06:32:10 -08:00
deads2k 037f51ae89 get fresh ports on startup failure for integration test 2017-03-01 14:45:21 -05:00
deads2k 3d039f60cf allow incluster authentication info lookup 2017-02-28 13:29:59 -05:00
deads2k 5cfe26dece add aggregation integration test 2017-02-28 08:42:06 -05:00
Aaron Crickenberger b367f33bc2 Allow `make test-integration` to pass on OSX 
`/var/run` is not world-writable on my OSX 10.11.x setup, so tests that
standup a secure apiserver fail with the default cert dir.  Use a
tempdir instead.
 2017-02-16 12:14:40 -08:00
deads2k 7cb5463b26 create sample-apiserver repo for people to inspect 2017-02-08 10:35:29 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Clayton Coleman 5df8cc39c9
refactor: generated 2016-12-03 19:10:46 -05:00
deads2k 56b7a8b02b remove some options from mega-struct 2016-11-29 10:59:43 -05:00
deads2k 18074d7606 split insecure serving options 2016-11-29 10:59:42 -05:00
deads2k a08f3ba521 split secure serving options 2016-11-29 10:59:42 -05:00
Dr. Stefan Schimanski d0b3981f07 Make GenericApiServer.Run interruptable and fail on first listen 2016-11-01 09:50:56 +01:00
Chao Xu 850729bfaf include multiple versions in clientset 
update client-gen to use the term "internalversion" rather than "unversioned";
leave internal one unqualified;
cleanup client-gen
 2016-10-29 13:30:47 -07:00
Davanum Srinivas 25d4a70827 Allow secure access to apiserver from Admission Controllers 
* Allow options.InsecurePort to be set to 0 to switch off insecure access
* In NewSelfClient, Set the TLSClientConfig to the cert and key files
  if InsecurePort is switched off
* Mint a bearer token that allows the client(s) created in NewSelfClient
  to talk to the api server
* Add a new authenticator that checks for this specific bearer token

Fixes #13598
 2016-09-20 10:42:21 -04:00
Timothy St. Clair d6606a6aa9 etcd3 validation showed that several unit tests that depend on apiserver being fully 
stood up should be integration tests, not unit tests.
 2016-08-18 14:12:24 -05:00