github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
76,171 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

72 Commits (69b2bc0bc29198dbe1ca2331d988f198bdf93561)

Author SHA1 Message Date
Andrew Lytvynov 18458392ca Extract new keyutil package from client-go/util/cert 
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.

Future PRs will actually refactor the libraries.

Updates #71004
 2019-02-19 09:48:59 -08:00
mourya007 7c37e91a6d Re-Organize the pkutil library 2019-01-26 14:56:36 +05:30
Patrick Barker 34d57f295f adds dynamic audit integration test generated 2019-01-16 16:27:51 -08:00
Patrick Barker d995047366 adds dynamic audit integration test 2019-01-16 16:24:02 -08:00
Dr. Stefan Schimanski 7b242533a2 apiserver: separate transport setting from storagebackend.Config 2019-01-02 12:52:38 +01:00
Daniel Kłobuszewski 7a10f4eda7 Add option to k8s apiserver to reject incoming requests upon audit failure 2018-11-16 10:32:49 +01:00
Nail Islamov 38895a56a8
Add wait to discovery integration test to fix flakiness 2018-08-14 01:03:03 +10:00
Kubernetes Submit Queue 28d649c2f5
Merge pull request #66932 from nilebox/discovery-include-unavailable 
Automatic merge from submit-queue (batch tested with PRs 66394, 66888, 66932). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Include unavailable apiservices in discovery response

**What this PR does / why we need it**:
Include unavailable apiservices into `apis/` discovery endpoint response to fix namespace deletion https://github.com/kubernetes-incubator/service-catalog/issues/2254

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes-incubator/service-catalog/issues/2254

**Special notes for your reviewer**:

**Release note**:


```release-note
kube-apiserver now includes all registered API groups in discovery, including registered extension API group/versions for unavailable extension API servers.
```
 2018-08-08 07:00:14 -07:00
Nail Islamov d4690f4aec
Include unavailable API services in discovery response 2018-08-08 07:26:27 +03:00
yue9944882 6bac6fafa0 promote informers into master.Config 
review:

1. move informers into master extra config
2. move one post start hook into New()

fixes npe from master integration test
 2018-08-08 09:35:45 +08:00
xuzhonghu 416a478cf6 Add String method to audit.Backend interface 2018-07-18 17:55:01 +08:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
Jordan Liggitt 5d11dc2524
Make integration test etcd store unique 2018-04-23 13:02:04 -04:00
Jordan Liggitt d421affd2d
loopback webhook integration test 2018-04-20 12:30:27 -04:00
Monis Khan 300751393b
Use a dynamic RESTMapper for admission plugins 
This change updates the REST mapper used by all admission plugins to
be backed by cached discovery information.  This cache is updated
every ten seconds via a post start hook and will not attempt to
update on calls to RESTMapping.  It solely relies on the hook to
keep the cache in sync with discovery.

This prevents issues with the OwnerReferencesPermissionEnforcement
admission plugin when it is used with custom resources that set
blockOwnerDeletion.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2018-04-17 09:59:41 -04:00
Dr. Stefan Schimanski 145167f908 Generated files 2018-04-17 11:44:29 +02:00
Dr. Stefan Schimanski 0bb9261eb8 sample-apiserver: add v1beta1 with advanced conversion example from v1alpha1 2018-04-17 11:43:58 +02:00
Dr. Stefan Schimanski 9f906618f0 apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
hzxuzhonghu 8cce8bdc85 make kube-apiserver ServerRunOptions setdefault and Validate before use 2018-04-04 11:19:55 +08:00
hzxuzhonghu 4c26831147 apiserver's webhook admission use its own scheme 2018-04-03 20:42:38 +08:00
hzxuzhonghu 755df0461d validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-26 20:37:02 +08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
hzxuzhonghu 468b8bf021 run update bazel 2018-02-13 20:46:44 +08:00
hzxuzhonghu a6c43c6a5c pass listener in integration test to prevent port in use flake 2018-02-13 20:46:43 +08:00
Jordan Liggitt 18d0b70e2c
Fix TestAggregatedAPIServer setup 2017-11-27 11:17:55 -05:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Dr. Stefan Schimanski d99c7df360 kube-aggregator: use shared informers from RecommendedConfig 2017-09-08 16:12:54 +02:00
Dr. Stefan Schimanski 2b64d3a0fd apiserver: split core API creation from secure serving 2017-09-08 14:38:11 +02:00
Dr. Stefan Schimanski ca3f745346 apiserver: stratify versioned informer construction 2017-09-08 14:16:09 +02:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Mike Danese 6ae11fdc5d use testmain in integration tests 2017-07-12 17:34:55 -07:00
Mike Danese 8e23c656ca add testmain setup func to the integration framework 2017-07-12 17:34:55 -07:00
deads2k 0801ded425 remove dead code 2017-07-07 09:12:29 -04:00
p0lyn0mial 113e9ba1d3 Introducing a cluster-scoped resource in the wardle.k8s.io group. 
The cluster scoped resource has a field that indicates Flunder.Names that are disallowed.
The resource is going to be used by an admission plugin.
The admission plugin will list the cluster-scope resources and check against banned names.

Issue: #47868
 2017-07-04 15:43:45 +02:00
deads2k f525c0815e restore working aggregator and avoid duplicate informers 2017-06-21 15:14:59 -04:00
Daniel Smith 51562445de fix test 2017-06-19 11:17:41 -07:00
deads2k 963c85e1c8 sort current API versions and fallback for others 2017-06-14 09:29:44 -04:00
Dr. Stefan Schimanski 342a8fc657 kube-apiserver: cleanup node proxy setup code 2017-06-08 18:20:16 +02:00
Kubernetes Submit Queue f28fe811ad Merge pull request #46680 from cheftako/aggregate 
Automatic merge from submit-queue (batch tested with PRs 46681, 46786, 46264, 46680, 46805)

Enable Dialer on the Aggregator

Centralize the creation of the dialer during startup.
Have the dialer then passed in to both APIServer and Aggregator.
Aggregator the uses the dialer as its Transport base.

**What this PR does / why we need it**:Enables the Aggregator to use the Dialer/SSHTunneler to connect to the user-apiserver.

**Which issue this PR fixes** : fixes ##46679

**Special notes for your reviewer**:

**Release note**: None
 2017-06-03 21:16:46 -07:00
Walter Fender 5b3f4684ed Enable Dialer on the Aggregator 
Centralize the creation of the dialer during startup.
Have the dialer then passed in to both APIServer and Aggregator.
Aggregator the sets the dialer on its Transport base.
This should allow the SSTunnel to be used but also allow the Aggregation
Auth to work with it.
Depending on Environment InsecureSkipTLSVerify *may* need to be set to
true.
Fixed as few tests to call CreateDialer as part of start-up.
 2017-06-01 00:05:02 -07:00
Anthony Yeh ba59e14d44
Add TPR to CRD migration helper. 2017-05-31 19:07:38 -07:00
deads2k 446e959bf7 make CRD apiservice controller 2017-05-22 08:54:14 -04:00
deads2k 75bd27a595 remove unnessary confusion of dead values 2017-05-17 07:15:29 -04:00
mbohlool 103c1bfc1e Update generated files 2017-05-15 15:34:33 -07:00
mbohlool e2f20a3539 Promote apiregistration from v1alpha1 to v1beta1 2017-05-15 15:34:33 -07:00
deads2k be39283923 plumb stopch to post start hook index since many of them are starting go funcs 2017-05-11 09:16:13 -04:00
Mike Danese 21617a60ae don't use build tags to mark integration tests 2017-04-28 14:19:39 -07:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00