github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
67,693 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

60 Commits (617078d220cfa28d35c519e5b91e7f42a0902467)

Author SHA1 Message Date
Kubernetes Submit Queue 2da49321e6
Merge pull request #63653 from WanLinghao/token_expiry_limit 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add limit to the TokenRequest expiration time

**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #63575

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-06-27 00:31:08 -07:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
WanLinghao f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
David Eads e7fbbe0e3c eliminate indirection from type registration 2018-04-25 09:02:31 -04:00
Mike Danese 024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Clayton Coleman 98cf7e6ae2
generated: bazel 2018-02-22 23:26:25 -05:00
Clayton Coleman 110b064d63
Make Service storage a wrapper around other storages 
The registry abstraction is unnecessary and adds direct coupling to the
core types. By using a wrapper, we carry through the default
implementations of the non-mutating operations. The DeleteCollection
method is explicitly patched out since it cannot be correctly
implemented on the storage currently.

As a result, TableConvertor is now exposed.

A few other minor refactorings

* Corrected the case of some variables
* Used functions instead of methods for several helper methods
* Removed the legacy Deleter - service was the only remaining consumer
 2018-02-22 23:26:25 -05:00
Mike Danese 8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
stewart-yu 0cbe0a6034 controller-manager: switch to config/option struct pattern 2018-02-13 11:16:17 +01:00
Brendan Burns dcb9b4b591 By default block service proxy to external IP addresses. 
Service proxy uses redirects to Pods instead of direct access.
 2018-01-24 04:13:15 +00:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jordan Liggitt 5913fccada
Use GVK from storage in API registration 2017-10-27 23:57:39 -04:00
Dr. Stefan Schimanski cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski 7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
zhouhaibing089 b1040171b6 componentstatus: support client cert health check 
etcd has support for client-cert-auth, which can be configured via the flag `--ca-file`,
when that is enabled, all the client requests must present with a client certificate,
however, the current component status check uses a single transport for all of the checks,
this is wrong, the checks should be different for each of different component, and make
each of them use different transport(tls configurations).
 2017-04-17 13:58:33 +08:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski 0e9c1f75bf Update bazel 2017-02-15 10:25:15 +01:00
Dr. Stefan Schimanski 27e01b5c46 k8s.io/apiserver: fixup imports and renamed packages 2017-02-15 10:24:58 +01:00
Dr. Stefan Schimanski 6af3210d6f Update generated files 2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Dr. Stefan Schimanski 80b96b441b Mechanical import fixup: pkg/storage 2017-02-03 07:33:43 +01:00
deads2k aea12038b4 move storage/storagebackend to apiserver 2017-01-27 08:49:55 -05:00
Rene Saenz bfc0451da3 Executed update-bazel.sh 2017-01-25 09:44:51 -06:00
Rene Saenz 1bf6c76928 Rename controller pkg/registry/core/controller to pkg/registry/core/replicationcontroller 2017-01-24 18:15:51 -06:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
deads2k c587b8a21e re-run client-gen 2017-01-20 08:02:36 -05:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
Dr. Stefan Schimanski 8fe0958ba0 Update bazel 2017-01-17 09:30:48 +01:00
Dr. Stefan Schimanski 5c88b7d05a Fix imports 2017-01-17 09:30:30 +01:00
deads2k f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
Timothy St. Clair fbc5323dad Refactor registry to use store vs. etcd 2017-01-12 09:23:38 -06:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Dr. Stefan Schimanski 7adaac79ca Update bazel 2016-12-16 17:49:23 +01:00
Dr. Stefan Schimanski aa81e1d51d pkg/apiserver: move validation.go into pkg/registry 2016-12-16 17:49:22 +01:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Monis Khan a6bafbacbf
Refactor REST storage to use generic defaults 
Signed-off-by: Monis Khan <mkhan@redhat.com>
 2016-12-08 17:24:21 -05:00
Dr. Stefan Schimanski b2b0142b6f Update bazel 2016-12-03 18:35:18 +01:00
Dr. Stefan Schimanski 1f5511b131 Move RESTStorageProvider interface into pkg/master 2016-12-03 18:35:15 +01:00
Dr. Stefan Schimanski eeb582e53f Move DefaultServiceIPRange into pkg/master 2016-12-03 18:34:22 +01:00
deads2k a111bd7690 switch to clients for bootstrap controller 2016-12-01 09:14:31 -05:00
Clayton Coleman 35a6bfbcee
generated: refactor 2016-11-23 22:30:47 -06:00