github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
72,314 Commits
32 Branches
881 Tags
632 MiB
Commit Graph

5185 Commits (d440ecdd3b41a4fc4a207195e1bb976422d6d35e)

Author SHA1 Message Date
Jordan Liggitt d440ecdd3b Update non-test code to use DefaultMutableFeatureGate 2018-11-21 11:51:33 -05:00
Jordan Liggitt 1d6db5924f Tighten feature gate interface to split out mutating methods 2018-11-21 11:51:32 -05:00
k8s-ci-robot 3d5998edcd
Merge pull request #71298 from stewart-yu/stewart-controller-manager-flags 
add missing flags in *-controller-manager --help
 2018-11-21 05:58:20 -08:00
Jay Lim 10dd5d6631 *-controller-manager: fix missing global flags for --help 2018-11-21 17:39:14 +08:00
Christoph Blecker c7d3951927
Update github.com/json-iterator/go to 1.1.4 2018-11-20 18:13:01 -08:00
k8s-ci-robot 7ba79c3183
Merge pull request #71128 from yue9944882/chore/add-reviewer 
Add yue9944882 to CRD/CR apiserver reviewer
 2018-11-18 14:14:17 -08:00
Clayton Coleman 3464222267
Revert "Make bootstrap client cert loading part of rotation" 
This reverts commit 0af19875ad.

Revert "Ensure the bootstrap rotation code is tested by forcing rotation"

This reverts commit de293b2d7d.
 2018-11-17 10:24:39 -05:00
k8s-ci-robot 46ebebcc4f
Merge pull request #65763 from x13n/audit-logging 
Add option to k8s apiserver to reject incoming requests upon audit failure
 2018-11-17 04:39:56 -08:00
k8s-ci-robot 3be3510814
Merge pull request #69890 from smarterclayton/bootstrap_retry 
Make bootstrap client cert loading part of rotation
 2018-11-16 22:46:33 -08:00
k8s-ci-robot ec2e767e59
Merge pull request #71167 from msau42/block-beta 
Promote raw block volume support to beta
 2018-11-16 20:28:03 -08:00
k8s-ci-robot f38cc95505
Merge pull request #62692 from mikedanese/trev2 
authn: extend authenticator.Token to support audience validation
 2018-11-16 20:27:25 -08:00
Clayton Coleman de293b2d7d
Ensure the bootstrap rotation code is tested by forcing rotation 
Expose both a Stop() method (for cleanup) and a method to force
cert rotation, but only expose Stop() on the interface.

Verify that we choose the correct client.
 2018-11-16 21:50:52 -05:00
Clayton Coleman 0af19875ad
Make bootstrap client cert loading part of rotation 
Ensure that bootstrap+clientcert-rotation in the Kubelet can:

1. happen in the background so that static pods aren't blocked by bootstrap
2. collapse down to a single call path for requesting a CSR
3. reorganize the code to allow future flexibility in retrieving bootstrap creds

Fetching the first certificate and later certificates when the kubelet
is using client rotation and bootstrapping should share the same code
path. We also want to start the Kubelet static pod loop before
bootstrapping completes. Finally, we want to take an incremental step
towards improving how the bootstrap credentials are loaded from disk
(potentially allowing for a CLI call to get credentials, or a remote
plugin that better integrates with cloud providers or KSMs).

Reorganize how the kubelet client config is determined. If rotation is
off, simplify the code path. If rotation is on, load the config
from disk, and then pass that into the cert manager. The cert manager
creates a client each time it tries to request a new cert.

Preserve existing behavior where:

1. bootstrap kubeconfig is used if the current kubeconfig is invalid/expired
2. we create the kubeconfig file based on the bootstrap kubeconfig, pointing to
   the location that new client certs will be placed
3. the newest client cert is used once it has been loaded
 2018-11-16 21:50:26 -05:00
k8s-ci-robot 39c8219999
Merge pull request #71158 from liggitt/revert-openapi-publish 
Revert openapi publish
 2018-11-16 18:22:43 -08:00
k8s-ci-robot 1e22f080ec
Merge pull request #67383 from stlaz/enc_config_promotion 
Introduce apiserver.config.k8s.io/v1 and use standard method for parsing encryption config file
 2018-11-16 16:31:30 -08:00
Mike Danese effad15ecc patch webhook authenticator to support token review with arbitrary audiences 2018-11-16 19:30:42 -05:00
Mike Danese 162699ca30 autogenerated 2018-11-16 17:54:33 -05:00
Mike Danese 04837fdef1 authn: add Audiences to TokenReview 2018-11-16 17:54:33 -05:00
Jordan Liggitt 8799eb4e2e Revert "Merge pull request #67205 from roycaihw/crd-openapi-spec" 
This reverts commit 54ee58b2d6, reversing
changes made to 9e2820e4c9.
 2018-11-16 16:36:24 -05:00
Jordan Liggitt ad2b916d7c Revert "Merge pull request #71137 from sttts/sttts-crd-openapi-spec-recursive-v2-prune" 
This reverts commit 3ea3cfc3be, reversing
changes made to fab7009997.
 2018-11-16 16:36:04 -05:00
k8s-ci-robot 3ea3cfc3be
Merge pull request #71137 from sttts/sttts-crd-openapi-spec-recursive-v2-prune 
apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion
 2018-11-16 13:20:25 -08:00
k8s-ci-robot c418e2a04f
Merge pull request #71120 from WanLinghao/audit_log_fix 
fix a description error in DynamicAuditing feature
 2018-11-16 13:20:07 -08:00
k8s-ci-robot 9878253c3c
Merge pull request #70998 from deads2k/client-07-listwatchtimeout 
update the client generator to set a client-side timeout
 2018-11-16 13:19:57 -08:00
Matthew Wong 7a6acefd21 Generate code for BlockVolume beta promotion 2018-11-16 13:38:59 -05:00
Matthew Wong 2ff98f7832 Promote BlockVolume to beta 2018-11-16 13:38:59 -05:00
WanLinghao 84aa00c03d fix a description error in DynamicAuditing feature 2018-11-17 01:49:02 +08:00
Dr. Stefan Schimanski 0d9a022533 apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion 2018-11-16 18:42:01 +01:00
David Eads 8f7edec615 generated 2018-11-16 12:41:17 -05:00
David Eads 493bc79c04 update client generator for local timeout 2018-11-16 11:43:37 -05:00
Jordan Liggitt 248d661327 Add tests to ensure storage feature gate changes don't escape packages 2018-11-16 10:52:53 -05:00
k8s-ci-robot f1e4ec8e48
Merge pull request #71076 from liggitt/preserve-stack 
Propagate panics up handler chain
 2018-11-16 05:13:09 -08:00
k8s-ci-robot 54ee58b2d6
Merge pull request #67205 from roycaihw/crd-openapi-spec 
Serve OpenAPI spec for registered CRDs
 2018-11-16 05:12:41 -08:00
zuoxiu.jm af505dcd14 add reviewer 2018-11-16 20:12:28 +08:00
k8s-ci-robot 9e2820e4c9
Merge pull request #71067 from sttts/sttts-handler-panic 
apiserver: preserve stack trace in handler panic beyond timeout handler
 2018-11-16 03:57:11 -08:00
Daniel Kłobuszewski 7a10f4eda7 Add option to k8s apiserver to reject incoming requests upon audit failure 2018-11-16 10:32:49 +01:00
saad-ali 9d4810f25a Bump grpc from 1.7.5 to 1.13.0 2018-11-15 16:39:42 -08:00
Haowei Cai 94e3c2899f generated 2018-11-15 11:03:04 -08:00
Haowei Cai e0d4c65b53 Convert and construct OpenAPI v2 spec from CRD 
validation OpenAPI v3 Schema
 2018-11-15 11:02:47 -08:00
Haowei Cai 3222a7033c Apiextensions-apiserver aggregates CRD schemas 
efficiently without checking conflicts, and wire up CRD discovery
controller to serve OpenAPI spec.
 2018-11-15 11:02:11 -08:00
Haowei Cai 92d95df0ba Enable aggregator apiserver resyncing openapi spec 
from delegation apiservers
 2018-11-15 11:00:25 -08:00
Jordan Liggitt 0952c9ee96 apiserver: propagate panics from REST handlers correctly 2018-11-15 12:35:51 -05:00
Dr. Stefan Schimanski 96fd0482f4 apiserver: preserve stack trace in handler panic beyond timeout handler 2018-11-15 17:36:11 +01:00
k8s-ci-robot b7e2980a57
Merge pull request #68576 from jennybuckley/openapi-optimize 
Build OpenAPI Definitions per group instead of per resource
 2018-11-15 05:04:57 -08:00
k8s-ci-robot b1a52a38e9
Merge pull request #67257 from pbarker/audit 
dynamic audit configuration
 2018-11-15 02:42:59 -08:00
k8s-ci-robot f48e18faa4
Merge pull request #70971 from cheftako/leaseCheck 
Report KCM as unhealthy if leader election is wedged.
 2018-11-15 01:30:59 -08:00
Dr. Stefan Schimanski e43e5e2e45 apiserver: in timeout_test separate out handler 2018-11-15 09:56:53 +01:00
k8s-ci-robot 726c07eb26
Merge pull request #69929 from jsafrane/csi-ga 
Promote CSIPersistentVolume feature to GA
 2018-11-14 20:34:58 -08:00
k8s-ci-robot 22eb2b0dae
Merge pull request #70966 from awly/cert-triple-cleanup 
Remove k8s.io/client-go/util/cert/triple
 2018-11-14 19:20:07 -08:00
k8s-ci-robot 4fb368e5fd
Merge pull request #70801 from Adirio/deltafifo-cleanup 
DeltaFIFO cleanup
 2018-11-14 19:19:57 -08:00
Patrick Barker 5cb70e369f adds dynamic audit configuration generated 2018-11-15 01:03:45 +00:00