github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
75,091 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

25 Commits (4ac08be206ae94c569564195c94f9c0ca234d84d)

Author SHA1 Message Date
Mike Danese 21fd8f2041 tokenreview: add APIAudiences config to generic API server and augment context 2018-10-09 22:47:10 -07:00
walter 6990a6392a Cleaned up lint errors in pkg/kubeapiserver/server. 2018-09-26 23:12:30 -07:00
Dr. Stefan Schimanski 8aa0eefce8 kube-controller-manager: disable authn/z on insecure port 
This is the old behaviour and we did not intent to change it due to enabled authn/z in general.
As the kube-apiserver this sets the "system:unsecured" user info.
 2018-08-30 20:17:29 +02:00
Marian Lobur 3f730d4c25 Remove deprecated legacy audit logging code. 2018-08-23 12:08:54 +02:00
Dr. Stefan Schimanski c2724793e8 Update bazel 2018-08-17 08:57:21 +02:00
Dr. Stefan Schimanski d787213d1b kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 2018-08-17 08:56:47 +02:00
Dr. Stefan Schimanski 1575e17365 kube-apiserver: drop unused loopback token in insecure mode 2018-07-04 19:15:11 +02:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Jordan Liggitt 8ea88a5092
Remove request context mapper 2018-04-18 17:03:31 -04:00
Dr. Stefan Schimanski 9f906618f0 apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
hzxuzhonghu 6ba30f678c pass listener to genericapiserver 2017-11-21 11:00:15 +08:00
hzxuzhonghu db4f0de280 gracefully shutdown apiserver after all non-long running requests finish 2017-11-10 14:06:52 +08:00
Dr. Stefan Schimanski f6a89df3fb Revert "audit backend run shutdown gracefully after http handler finish" 
This reverts commit f42686081b.
 2017-10-30 15:26:51 +01:00
hzxuzhonghu f42686081b audit backend run shutdown gracefully after http handler finish 2017-10-28 15:03:38 +08:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Joe Betz cb764756c6 Add --request-timeout to allow the global request timeout of 60 seconds to be configured. 2017-08-28 13:42:43 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Tim St. Clair a5de309ee2
Implement audit policy logic 2017-05-25 07:38:07 -07:00
Dr. Stefan Schimanski 0b5bcb0219 audit: add audit event to the context and fill in handlers 2017-05-23 11:20:14 +02:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Kubernetes Submit Queue 67f2a7cc00 Merge pull request #43888 from liggitt/unsecured-port-user 
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)

Avoid nil user special-casing in unsecured endpoint

The unsecured handler currently adds no `user.Info` to the request context.  That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions. 

This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer

I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
 2017-04-11 12:18:24 -07:00
deads2k b73cddb227 only log stacks on server errors 2017-04-10 07:57:43 -04:00
Jordan Liggitt 5d839d0d0b
Avoid nil user special-casing in unsecured endpoint 2017-03-31 13:28:59 -04:00
deads2k cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00