github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
72,052 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

65 Commits (498cd61f41e31b52f4efb0f14703b954e1a62c1d)

Author SHA1 Message Date
Davanum Srinivas 954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
tanshanshan cb95edafe8 kube-scheduler: enable secure ports 10259 2018-11-08 16:43:59 +01:00
Mike Danese bcd492e86e use more specific authenticator.Audiences type in TokenRequest registry 2018-10-23 00:16:17 -07:00
Mike Danese 371b1e7fed promote --service-account-api-audiences to top level kube-apiserver config 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
 2018-10-22 18:21:37 -07:00
Christoph Blecker 97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
Kubernetes Submit Queue 2da49321e6
Merge pull request #63653 from WanLinghao/token_expiry_limit 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add limit to the TokenRequest expiration time

**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #63575

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-06-27 00:31:08 -07:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
WanLinghao f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
David Eads e7fbbe0e3c eliminate indirection from type registration 2018-04-25 09:02:31 -04:00
Mike Danese 024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Clayton Coleman 98cf7e6ae2
generated: bazel 2018-02-22 23:26:25 -05:00
Clayton Coleman 110b064d63
Make Service storage a wrapper around other storages 
The registry abstraction is unnecessary and adds direct coupling to the
core types. By using a wrapper, we carry through the default
implementations of the non-mutating operations. The DeleteCollection
method is explicitly patched out since it cannot be correctly
implemented on the storage currently.

As a result, TableConvertor is now exposed.

A few other minor refactorings

* Corrected the case of some variables
* Used functions instead of methods for several helper methods
* Removed the legacy Deleter - service was the only remaining consumer
 2018-02-22 23:26:25 -05:00
Mike Danese 8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
stewart-yu 0cbe0a6034 controller-manager: switch to config/option struct pattern 2018-02-13 11:16:17 +01:00
Brendan Burns dcb9b4b591 By default block service proxy to external IP addresses. 
Service proxy uses redirects to Pods instead of direct access.
 2018-01-24 04:13:15 +00:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jordan Liggitt 5913fccada
Use GVK from storage in API registration 2017-10-27 23:57:39 -04:00
Dr. Stefan Schimanski cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski 7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
zhouhaibing089 b1040171b6 componentstatus: support client cert health check 
etcd has support for client-cert-auth, which can be configured via the flag `--ca-file`,
when that is enabled, all the client requests must present with a client certificate,
however, the current component status check uses a single transport for all of the checks,
this is wrong, the checks should be different for each of different component, and make
each of them use different transport(tls configurations).
 2017-04-17 13:58:33 +08:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski 0e9c1f75bf Update bazel 2017-02-15 10:25:15 +01:00
Dr. Stefan Schimanski 27e01b5c46 k8s.io/apiserver: fixup imports and renamed packages 2017-02-15 10:24:58 +01:00
Dr. Stefan Schimanski 6af3210d6f Update generated files 2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Dr. Stefan Schimanski 80b96b441b Mechanical import fixup: pkg/storage 2017-02-03 07:33:43 +01:00
deads2k aea12038b4 move storage/storagebackend to apiserver 2017-01-27 08:49:55 -05:00
Rene Saenz bfc0451da3 Executed update-bazel.sh 2017-01-25 09:44:51 -06:00
Rene Saenz 1bf6c76928 Rename controller pkg/registry/core/controller to pkg/registry/core/replicationcontroller 2017-01-24 18:15:51 -06:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
deads2k c587b8a21e re-run client-gen 2017-01-20 08:02:36 -05:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
Dr. Stefan Schimanski 8fe0958ba0 Update bazel 2017-01-17 09:30:48 +01:00
Dr. Stefan Schimanski 5c88b7d05a Fix imports 2017-01-17 09:30:30 +01:00
deads2k f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
Timothy St. Clair fbc5323dad Refactor registry to use store vs. etcd 2017-01-12 09:23:38 -06:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Dr. Stefan Schimanski 7adaac79ca Update bazel 2016-12-16 17:49:23 +01:00
Dr. Stefan Schimanski aa81e1d51d pkg/apiserver: move validation.go into pkg/registry 2016-12-16 17:49:22 +01:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Monis Khan a6bafbacbf
Refactor REST storage to use generic defaults 
Signed-off-by: Monis Khan <mkhan@redhat.com>
 2016-12-08 17:24:21 -05:00