github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
54,781 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

35 Commits (8cbbbac27d427668a655fd704c6db17904520e42)

Author SHA1 Message Date
Chao Xu 186a0684d5 plumb the proxyTransport to the webhook admission plugin; 
set the ServerName in the config for webhook admission plugin.
 2017-09-14 15:35:12 -07:00
Chao Xu 4d1d33af46 bazel 2017-09-06 10:21:01 -07:00
Chao Xu b0c83c72c1 Charge quota for uninitialized objects at different time 
Charge object count when object is created, no matter if the object is
initialized or not.
Charge the remaining quota when the object is initialized.

Also, checking initializer.Pending and initializer.Result when
determining if an object is initialized. We didn't need to check them
because before 51082, having 0 pending initializer and nil
initializers.Result is invalid.
 2017-09-06 10:20:32 -07:00
Chao Xu bf6155b08c make admission plugins handle mutating spec of uninitialized pods 2017-08-17 12:51:09 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Kubernetes Submit Queue f3dcf63130 Merge pull request #48576 from caesarxuchao/fix-ExternalAdmissionHookConfigurationManager 
Automatic merge from submit-queue (batch tested with PRs 48576, 49010)

make externalAdmissionHookConfigurationManager distinguish API disabled error

The externalAdmissionHookConfigurationManager does not return "DisabledErr" even if the API is disabled, so the GenericWebhook admission controller will not fail open.

The GenericWebhook admission controller is default to off, so the bug is hidden in most cases. To be safe, we should cherrypick it to 1.7.

```release-note
Fix a bug where the GenericWebhook admission plugin does not fail open when the admissionregistration API is disabled
```
 2017-07-18 00:35:43 -07:00
Jacob Simpson 29c1b81d4c Scripted migration from clientset_generated to client-go. 2017-07-17 15:05:37 -07:00
Chao Xu 9eb065ffd7 make externalAdmissionHookConfigurationManager distinguish API disabled error 
Also added unit tests
 2017-07-07 13:34:29 -07:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu cde4772928 run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles 2017-06-22 11:30:52 -07:00
Chao Xu 8dbeee50c7 generated 2017-06-14 10:20:33 -07:00
Chao Xu 4d834b22ea make admission configuration manager retry 5 times if it's not bootstrapped yet 2017-06-14 10:19:20 -07:00
Clayton Coleman 772ab8e1b4
Load initializers from dynamic config 
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.

Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
 2017-06-05 19:12:41 -04:00
Kubernetes Submit Queue e837c3bbc2 Merge pull request #46388 from lavalamp/whitlockjc-generic-webhook-admission 
Automatic merge from submit-queue (batch tested with PRs 46239, 46627, 46346, 46388, 46524)

Dynamic webhook admission control plugin

Unit tests pass.

Needs plumbing:
* [ ] service resolver (depends on @wfender PR)
* [x] client cert (depends on ????)
* [ ] hook source (depends on @caesarxuchao PR)

Also at least one thing will need to be renamed after Chao's PR merges.

```release-note
Allow remote admission controllers to be dynamically added and removed by administrators.  External admission controllers make an HTTP POST containing details of the requested action which the service can approve or reject.
```
 2017-06-02 23:37:42 -07:00
Daniel Smith c46e231fc7 generated changes 2017-05-31 16:38:47 -07:00
Daniel Smith d6e1140b5d Implement dynamic admission webhooks 
Also fix a bug in rest client
 2017-05-31 16:38:46 -07:00
Chao Xu 5e0e8bfa22 fix flake 2017-05-31 14:07:40 -07:00
Chao Xu dce3f69b20 generated 2017-05-26 16:06:12 -07:00
Chao Xu d7c1a92e0c the configuration manager 2017-05-26 15:11:53 -07:00
p0lyn0mial c5019bf696 remove init blocks from all admission plugins 2017-05-23 22:00:32 +02:00
Derek Carr a71bea312a ResourceQuota admission control injects registry 2017-05-18 23:17:13 -04:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Chao Xu 9d7a8df5ee add gc admission plugin that prevents user who doesn't have delete permission of the owner from setting blockOwnerDeletion 2017-04-13 11:55:22 -07:00
Dr. Stefan Schimanski 63f547e1b1 pkg/admission: make plugin registry non-global 2017-04-12 11:37:25 +02:00
deads2k d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Hemant Kumar b0581d688d Fix Multizone pv creation on GCE 
When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.
 2017-02-28 12:24:14 -05:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
deads2k 58992ce8d2 move admission read logic 2017-02-07 07:44:14 -05:00
deads2k 75841dc4f1 switch admission serialized config to an apiserver type 2017-02-06 11:38:08 -05:00
deads2k 01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
deads2k 52ec66ee85 remove api dependency from admission 2017-01-18 08:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k 2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00