github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
62,068 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

54 Commits (ddefff0c69d97c6e374fef7b2a623528bfee77a5)

Author SHA1 Message Date
Kubernetes Submit Queue 237007b615
Merge pull request #59934 from mikedanese/jwt-auth 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

svcacct: make token authenticator fully generic

so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.

part of https://github.com/kubernetes/kubernetes/issues/58790

```release-note
NONE
```
 2018-02-20 18:40:59 -08:00
Mike Danese 2862fb333a svcacct: make token authenticator fully generic 
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
 2018-02-20 12:30:42 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Dr. Stefan Schimanski 4e0114b0dd apiserver: make SecureServingOptions and authz/n options re-usable 2018-02-13 11:16:38 +01:00
Mike Danese 057b7af798 serviceaccount: check token is issued by correct iss before verifying 
Right now if a JWT for an unknown issuer, for any subject hits the
serviceaccount token authenticator, we return a errors as if the token
was meant for us but we couldn't find a key to verify it. We should
instead return nil, false, nil.

This change helps us support multiple service account token
authenticators with different issuers.
 2018-01-24 20:21:59 -08:00
Kubernetes Submit Queue 576c9118a6
Merge pull request #53592 from frodenas/bootstrap-controller 
Automatic merge from submit-queue (batch tested with PRs 53592, 52562, 55175, 55213). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Check RegisterMetricAndTrackRateLimiterUsage error when starting BootstrapSigner & TokenCleaner controllers

**What this PR does / why we need it**:
Prevent `BootstrapSigner` and `TokenCleaner` controllers to start if `metrics.RegisterMetricAndTrackRateLimiterUsage` returns an error.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: complements #53571 

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2017-11-07 11:21:15 -08:00
Mike Danese 12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
Ferran Rodenas d67898b875 Check RegisterMetricAndTrackRateLimiterUsage error when starting controllers 
Signed-off-by: Ferran Rodenas <rodenasf@vmware.com>
 2017-11-01 12:46:07 +01:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jacob Simpson 8bcbbd4d08 Migrate api.Registry to testapi.Groups in tests. 2017-07-17 15:05:38 -07:00
Jacob Simpson 29c1b81d4c Scripted migration from clientset_generated to client-go. 2017-07-17 15:05:37 -07:00
Mike Danese 6ae11fdc5d use testmain in integration tests 2017-07-12 17:34:55 -07:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Clayton Coleman 784e3ae5fa
Switch the tokens controller to use shared informers 
Tokens controller previously needed a bit of extra help in order to be
safe for concurrent use. The new MutationCache allows it to keep a local
cache and still use a shared informer. The filtering event handler lets
it only see changes to secrets it cares about.
 2017-05-20 14:19:49 -04:00
Mike Danese 21617a60ae don't use build tags to mark integration tests 2017-04-28 14:19:39 -07:00
deads2k d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Andy Goldstein 65fe722643 Switch serviceaccounts controller to generated shared informers 2017-02-14 14:21:14 -05:00
Dr. Stefan Schimanski 79adb99a13 pkg/api: move Semantic equality to k8s.io/apimachinery/pkg/api/equality 2017-01-29 21:41:45 +01:00
Clayton Coleman 469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
deads2k 77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
Kubernetes Submit Queue a6fa5c2bfd Merge pull request #39814 from deads2k/api-58-multi-register 
Automatic merge from submit-queue

replace global registry in apimachinery with global registry in k8s.io/kubernetes

We'd like to remove all globals, but our immediate problem is that a shared registry between k8s.io/kubernetes and k8s.io/client-go doesn't work.  Since client-go makes a copy, we can actually keep a global registry with other globals in pkg/api for now.

@kubernetes/sig-api-machinery-misc @lavalamp @smarterclayton @sttts
 2017-01-13 12:37:02 -08:00
deads2k f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
NickrenREN a12dea14e0 fix redundant alias clientset 2017-01-12 10:21:05 +08:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
deads2k 2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Chao Xu 6709b7ada2 run hack/update-codegen.sh 
run hack/verify-gofmt.sh
update bazel
 2016-12-14 12:39:49 -08:00
Chao Xu 03d8820edc rename /release_1_5 to /clientset 2016-12-14 12:39:48 -08:00
Wojciech Tyczynski a9ec31209e GetOptions - fix tests 2016-12-09 09:42:01 +01:00
Timothy St. Clair d15e20eed4 Reduce the etcd surface area in the integration test to minimize the client dependency. 2016-11-28 15:58:39 -06:00
Chao Xu b50367cbdc remove v1.Semantics 2016-11-23 15:53:09 -08:00
Chao Xu f3b5d514ab test/integration 2016-11-23 15:53:09 -08:00
deads2k df4ed892c4 convert SA controller to shared informers 2016-10-27 15:44:46 -04:00
deads2k 406c0a36ae cleanup cruft from API server structs 2016-10-11 10:56:05 -04:00
deads2k 518d5500c7 remove testapi.Default.GroupVersion 2016-10-07 10:10:54 -04:00
deads2k 9f4f6a1cba fix integration tests for loopback client 2016-10-04 08:40:59 -04:00
Kubernetes Submit Queue 30ca344361 Merge pull request #33565 from liggitt/ecdsa 
Automatic merge from submit-queue

Add ECDSA support for service account tokens

Fixes #28180

```release-note
ECDSA keys can now be used for signing and verifying service account tokens.
```
 2016-10-01 08:42:53 -07:00
Dr. Stefan Schimanski 61409c821b Turn embedding into composition: master.Config.{Config -> GenericConfig} 2016-09-29 08:09:39 +02:00
Dr. Stefan Schimanski 8391a19b57 Decouple defaulting from genericapiserver and master 2016-09-28 23:16:09 +02:00
Dr. Stefan Schimanski b4c6a68036 Unify genericapiserver Config.New() and master Config.New() 2016-09-28 19:19:54 +02:00
Jordan Liggitt 6333d8fd86
Add ECDSA support 2016-09-27 12:44:54 -04:00