github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
53,151 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

108 Commits (a4acc38c9629814f54ad74f4e157a04fa27f0992)

Author SHA1 Message Date
Jordan Liggitt 5d839d0d0b
Avoid nil user special-casing in unsecured endpoint 2017-03-31 13:28:59 -04:00
Jordan Liggitt 890894ac4f
Disable RBAC post-start hook if not using the RBAC authorizer 2017-03-30 23:30:04 -04:00
deads2k cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00
deads2k c2f8ef1b1a move insecure options to kubeapiserver 2017-03-27 13:55:45 -04:00
deads2k d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Kubernetes Submit Queue 61e7d1ebf1 Merge pull request #42491 from deads2k/auth-03-adder 
Automatic merge from submit-queue

make the system:authenticated group adder smarter

Fixes #42437 

This prevents the group adder from adding the system:authenticated group when:
 1. it's already in the list
 2. the user is system:anonymous
 3. system:unauthenticated is in the list

Smaller alternative to https://github.com/kubernetes/kubernetes/pull/42421 for 1.6.

@kubernetes/sig-auth-pr-reviews @enj @liggitt
 2017-03-06 05:45:03 -08:00
Kubernetes Submit Queue df70b30e59 Merge pull request #40537 from gnufied/fix-multizone-pv-breakage 
Automatic merge from submit-queue

Fix Multizone pv creation on GCE

When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.

cc @derekwaynecarr @childsb
 2017-03-05 11:16:46 -08:00
deads2k 379a73a8db make the system:authenticated group adder smarter 2017-03-03 12:32:52 -05:00
Hemant Kumar b0581d688d Fix Multizone pv creation on GCE 
When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.
 2017-02-28 12:24:14 -05:00
deads2k acba2cbd6d tweak defaults for recommended apiserver options 2017-02-27 07:47:19 -05:00
Kubernetes Submit Queue 51f498f6f3 Merge pull request #41645 from ncdc/shared-informers-12-admission 
Automatic merge from submit-queue (batch tested with PRs 41667, 41820, 40910, 41645, 41361)

Switch admission to use shared informers

Originally part of #40097

cc @smarterclayton @derekwaynecarr @deads2k @liggitt @sttts @gmarek @wojtek-t @timothysc @lavalamp @kubernetes/sig-scalability-pr-reviews @kubernetes/sig-api-machinery-pr-reviews
 2017-02-23 20:57:31 -08:00
Kubernetes Submit Queue 17375fc59f Merge pull request #41970 from deads2k/owners-08-master 
Automatic merge from submit-queue

add deads2k and sttts to kubeapiserver owners

Adds @deads2k and @sttts to packages we authored or significantly modified.

@lavalamp @smarterclayton
 2017-02-23 09:37:09 -08:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Lucas Käldström ab344da565
Move the authorization mode constants into a separate package 2017-02-23 15:27:16 +02:00
deads2k a4b7561665 add deads2k and sttts to kubeapiserver owners 2017-02-23 08:10:38 -05:00
Cao Shufeng 0ec585c139 Ensure invalid username/password returns 401 error, not 403 
If a user attempts to use basic auth, and the username/password combination
is rejected, the authenticator should return an error. This distinguishes
requests that did not provide username/passwrod (and are unauthenticated
without error) from ones that attempted to, and failed.
 2017-02-22 04:52:05 -05:00
Eric Chiang a0df658b20 kube-apiserver: add a bootstrap token authenticator for TLS bootstrapping 2017-02-21 08:43:55 -08:00
Dr. Stefan Schimanski 0e9c1f75bf Update bazel 2017-02-15 10:25:15 +01:00
Dr. Stefan Schimanski 5e77d01897 k8s.io/apiserver: straighten EtcdOptions, backend Config and kube RESTOptionsFactory 2017-02-15 10:24:59 +01:00
Dr. Stefan Schimanski 27e01b5c46 k8s.io/apiserver: fixup imports and renamed packages 2017-02-15 10:24:58 +01:00
deads2k a463540d47 remove duplication of RESTOptionsGetter for kube 2017-02-08 09:08:58 -05:00
deads2k 470cb9d2c9 streamline etcd options for aggregated api server 2017-02-08 09:07:47 -05:00
deads2k 226af4adc4 move --runtime-config to kubeapiserver 2017-02-07 13:43:13 -05:00
Kubernetes Submit Queue 42973b0523 Merge pull request #40947 from deads2k/apiserver-04-invert 
Automatic merge from submit-queue (batch tested with PRs 41023, 41031, 40947)

apiserver command line options lead to config

Logically command line options lead to config, not the other way around.  We're clean enough now we can actually do the inversion.

WIP because I have some test cycles to fix, but this is all the meat.

@kubernetes/sig-api-machinery-misc
 2017-02-07 09:04:41 -08:00
deads2k 250408ee9c apiserver command line options lead to config 2017-02-07 07:57:11 -05:00
deads2k 58992ce8d2 move admission read logic 2017-02-07 07:44:14 -05:00
deads2k 75841dc4f1 switch admission serialized config to an apiserver type 2017-02-06 11:38:08 -05:00
Dr. Stefan Schimanski 6af3210d6f Update generated files 2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
deads2k 6b57489552 move apiserver options 2017-02-01 15:18:33 -05:00
deads2k 384c873914 remove unneeded storage options 2017-01-31 13:44:39 -05:00
deads2k aea12038b4 move storage/storagebackend to apiserver 2017-01-27 08:49:55 -05:00
deads2k 0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski 2b8e938128 Update generated files 2017-01-24 20:56:03 +01:00
Dr. Stefan Schimanski 82826ec273 pkg/util/flag: move to k8s.io/apiserver 2017-01-24 20:56:03 +01:00
Dr. Stefan Schimanski 56d60cfae6 pkg/util: move flags from pkg/util/config to pkg/util/flags 2017-01-24 20:56:03 +01:00
Dr. Stefan Schimanski 4beba154b4 genericapiserver: move authz webhook plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
Dr. Stefan Schimanski 4077e0bba7 genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
deads2k 5a8f075197 move authoritative client-go utils out of pkg 2017-01-24 08:59:18 -05:00
Jordan Liggitt c6c0b8518e
avoid incorrect short-circuit of client-ca setup 2017-01-22 14:50:42 -05:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
deads2k 01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
deads2k 52ec66ee85 remove api dependency from admission 2017-01-18 08:09:48 -05:00
deads2k de725e56e2 prevent anonymous auth and allow all 2017-01-17 10:16:33 -05:00
Dr. Stefan Schimanski 1a7242a84c Move BuildDefaultStorageFactory to kubeapiserver 2017-01-16 14:25:58 +01:00
deads2k 31b6ba4e94 mechanicals 2017-01-13 16:33:09 -05:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k 1df5b658f2 switch webhook to clientgo 2017-01-09 16:53:24 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
Kubernetes Submit Queue f76fba0da0 Merge pull request #39435 from sttts/sttts-cloudprovider-to-master 
Automatic merge from submit-queue

Move apiserver cloudprovider dep into kubeapiserver
 2017-01-05 02:29:11 -08:00
Dr. Stefan Schimanski f96fa748d8 Move apiserver cloudprovider dep into kubeapiserver 2017-01-05 09:40:03 +01:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
deads2k 2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
deads2k ab1b77673f decouple genericapiserver from non-generic authenticator 2016-12-22 07:48:08 -05:00
deads2k a3564c0aa8 start kubeapiserver package for sharing between kubeapiserver and federation 2016-12-22 07:43:42 -05:00