github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
69,395 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

16 Commits (e209b643a7cb7aedb42f820fdfc440f7251e4eb7)

Author SHA1 Message Date
Marian Lobur 3f730d4c25 Remove deprecated legacy audit logging code. 2018-08-23 12:08:54 +02:00
Dr. Stefan Schimanski d787213d1b kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions 2018-08-17 08:56:47 +02:00
Dr. Stefan Schimanski 1575e17365 kube-apiserver: drop unused loopback token in insecure mode 2018-07-04 19:15:11 +02:00
Jordan Liggitt 8ea88a5092
Remove request context mapper 2018-04-18 17:03:31 -04:00
Dr. Stefan Schimanski 9f906618f0 apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
hzxuzhonghu 6ba30f678c pass listener to genericapiserver 2017-11-21 11:00:15 +08:00
hzxuzhonghu db4f0de280 gracefully shutdown apiserver after all non-long running requests finish 2017-11-10 14:06:52 +08:00
Dr. Stefan Schimanski f6a89df3fb Revert "audit backend run shutdown gracefully after http handler finish" 
This reverts commit f42686081b.
 2017-10-30 15:26:51 +01:00
hzxuzhonghu f42686081b audit backend run shutdown gracefully after http handler finish 2017-10-28 15:03:38 +08:00
Joe Betz cb764756c6 Add --request-timeout to allow the global request timeout of 60 seconds to be configured. 2017-08-28 13:42:43 -07:00
Tim St. Clair a5de309ee2
Implement audit policy logic 2017-05-25 07:38:07 -07:00
Dr. Stefan Schimanski 0b5bcb0219 audit: add audit event to the context and fill in handlers 2017-05-23 11:20:14 +02:00
Kubernetes Submit Queue 67f2a7cc00 Merge pull request #43888 from liggitt/unsecured-port-user 
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)

Avoid nil user special-casing in unsecured endpoint

The unsecured handler currently adds no `user.Info` to the request context.  That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions. 

This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer

I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
 2017-04-11 12:18:24 -07:00
deads2k b73cddb227 only log stacks on server errors 2017-04-10 07:57:43 -04:00
Jordan Liggitt 5d839d0d0b
Avoid nil user special-casing in unsecured endpoint 2017-03-31 13:28:59 -04:00
deads2k cd29754680 move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00