github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
72,658 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

322 Commits (bfa389dd5d2bd94e3221931ef5c91dad2365202d)

Author SHA1 Message Date
Darren Shepherd 9092b12439 Remove client-go auth plugins 2019-02-22 08:57:02 -07:00
Darren Shepherd a915a35bd0 Delete anonymous auth 2019-02-22 08:57:02 -07:00
Darren Shepherd 67c5df7176 Remove RequestHeader and ClientCerts auth 2019-02-22 08:57:02 -07:00
Darren Shepherd 153b97ae5b Delete oidc 2019-02-22 08:57:02 -07:00
Darren Shepherd a260e501ef Delete bootstrap token 2019-02-22 08:57:02 -07:00
Darren Shepherd 9cbf136137 Remove ABAC 2019-02-22 08:57:02 -07:00
Darren Shepherd 50b96d1c8f Remove admission controllers 2019-02-22 08:57:02 -07:00
Darren Shepherd c3b7ce5f9b Delete cloud provider 2019-02-22 08:57:02 -07:00
Darren Shepherd d20c139f88 Remove openapi/swagger 2019-02-22 08:57:02 -07:00
Darren Shepherd 7e69045b03 Remove BoundServiceAccountTokenVolume 2019-02-22 08:57:02 -07:00
Darren Shepherd 20baab69dc Remove coordination/v1beta1 2019-02-22 08:57:02 -07:00
Darren Shepherd 7b6a5abe41 Remove settings 2019-02-22 08:57:02 -07:00
Darren Shepherd 00dc5e75f5 Remove imagepolicy 2019-02-22 08:57:02 -07:00
Darren Shepherd 6c99e6b456 Remove events 2019-02-22 08:57:02 -07:00
Darren Shepherd bf26b0f838 Remove admissionregistration/v1alpha1 2019-02-22 08:57:02 -07:00
Bobby (Babak) Salamat 2239816e2f Autogenerated files 2019-01-24 18:07:48 -08:00
Bobby (Babak) Salamat a0932c3334 Add a default admission controller to taint new nodes on creation. 2019-01-24 18:07:48 -08:00
Mike Danese effad15ecc patch webhook authenticator to support token review with arbitrary audiences 2018-11-16 19:30:42 -05:00
k8s-ci-robot b1a52a38e9
Merge pull request #67257 from pbarker/audit 
dynamic audit configuration
 2018-11-15 02:42:59 -08:00
Patrick Barker 5cb70e369f adds dynamic audit configuration generated 2018-11-15 01:03:45 +00:00
Patrick Barker eb89d3dddd adds dynamic audit configuration 2018-11-14 17:54:06 -07:00
Mike Danese 67bbf753cb retrofit svcacct token authenticator to support audience validation 2018-11-13 20:38:41 -08:00
k8s-ci-robot bd2cb5a72d
Merge pull request #70831 from mikedanese/securesvcacct 
add BoundServiceAccountTokenVolume feature
 2018-11-13 08:54:25 -08:00
k8s-ci-robot 27cf50d85e
Merge pull request #70322 from mikedanese/audoidc 
make oidc authenticator (more?) audience aware
 2018-11-12 17:03:29 -08:00
Mike Danese f4ff26679f add BoundServiceAccountTokenVolume feature 
* require TokenRequest to be enabled and configured
* bind ca.crt publisher to this feature rather than to TokenRequest
 2018-11-12 13:11:47 -08:00
Mike Danese a714d9cd04 make oidc authenticator (more?) audience aware 
Part of https://github.com/kubernetes/kubernetes/issues/69893
 2018-11-12 12:43:21 -08:00
Davanum Srinivas 954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
k8s-ci-robot 0aba557741
Merge pull request #70600 from liggitt/sig-auth-subprojects 
Add owners/approvers aliases for sig-auth subprojects
 2018-11-06 17:55:07 -08:00
k8s-ci-robot 50de3a0d79
Merge pull request #69659 from cheftako/lintClean3 
Fixes lint errors in kubeapiserver packages
 2018-11-06 14:02:05 -08:00
Jordan Liggitt 9ae79f9653 authorizers subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Jordan Liggitt 4fa2a0cc8a authenticators subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
k8s-ci-robot c8604653f0
Merge pull request #70449 from mikedanese/simplcache 
remove webhook cache implementation and replace with token cache
 2018-11-05 16:32:34 -08:00
Mike Danese 0ec4d6d396 remove webhook cache implementation and replace with the token cache 
The striped cache used by the token cache is slightly more sophisticated
however the simple cache provides about the same exact behavior. I used
the striped cache rather than the simple cache because:

* It has been used without issue as the primary token cache.
* It preforms better under load.
* It is already exposed in the public API of the token cache package.
 2018-11-05 13:08:45 -08:00
walter 2af982abb9 Fixes lint errors in kubeapiserver packages 
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
 2018-11-04 17:22:41 -08:00
Patrick Barker d33f347ba8 refactors kubeapiserver webhook utility to be generic generated 2018-11-02 11:42:04 -06:00
Patrick Barker 1081fffdd5 refactors kubeapiserver webhook utility to be generic 2018-11-02 11:41:58 -06:00
Mike Danese 34cc8eeac7 wrap all audience unaware authenticators in kube-apiserver 2018-10-31 15:31:49 -07:00
k8s-ci-robot 1f0f4cd7eb
Merge pull request #70308 from mikedanese/trev7 
default api audiences to service account token issuer if available
 2018-10-29 22:08:01 -07:00
Mike Danese a13b48de94 default api audiences to service account token issuer if available 
This is a sane default that users can choose to migrate away from later.
 2018-10-29 16:40:06 -07:00
zuoxiu.jm efeec1edee remove internal informer/lister generator 2018-10-29 11:37:55 +08:00
zuoxiu.jm 7f608eb5df prune internal informer from kubeapiserver constructor 2018-10-29 11:30:44 +08:00
yue9944882 6a8faa6e40 replace contrustor of ad controller with config.complete.new flow 
review:
1. import order
2. only set nil field on complete
3. replace hardcoded default namespace
 2018-10-26 11:49:37 +08:00
Kim Min 79599ac419 Prune internal clientset/informer from kubeapiserver admission initializer (#70167) 
* externalize pv resize admission controller

* externalize podtolerationrestriction admission controller

* externalize podnodeselector admission controller

* remove internal clientset/informer from kubeapiserver admission initializer

* minor change: fixes scheduler integration test compiliation
 2018-10-24 14:47:16 -07:00
Mike Danese 371b1e7fed promote --service-account-api-audiences to top level kube-apiserver config 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
 2018-10-22 18:21:37 -07:00
k8s-ci-robot cf3a930938
Merge pull request #69607 from mikedanese/audctx 
tokenreview: add APIAudiences config to generic API server and augment context
 2018-10-15 19:03:43 -07:00
k8s-ci-robot 793b8752d1
Merge pull request #68777 from stewart-yu/patch-1 
remove unneed parameter in test struct
 2018-10-12 16:01:23 -07:00
Mike Danese 21fd8f2041 tokenreview: add APIAudiences config to generic API server and augment context 2018-10-09 22:47:10 -07:00
Christoph Blecker 97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
walter 6990a6392a Cleaned up lint errors in pkg/kubeapiserver/server. 2018-09-26 23:12:30 -07:00
Stewart-YU 5ef8e41215 remove unneed parameter in test struct 
remove unneed parameter in test struct
 2018-09-26 08:59:42 +08:00