scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-12-15 20:37:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
72,328 Commits 1 Branch 0 Tags
d7823bee59e7ea84dbd44767b4547f1046aa7a14
Commit Graph

5185 Commits

Author SHA1 Message Date
k8s-ci-robot
2b0212de9c Merge pull request #71206 from stlaz/enc_config_opt 
Rename '--experimental-encryption-provider-config' to '--encryption-provider-config'
 2018-11-21 11:30:12 -08:00
k8s-ci-robot
3d5998edcd Merge pull request #71298 from stewart-yu/stewart-controller-manager-flags 
add missing flags in *-controller-manager --help
 2018-11-21 05:58:20 -08:00
Jay Lim
10dd5d6631 *-controller-manager: fix missing global flags for --help 2018-11-21 17:39:14 +08:00
Christoph Blecker
c7d3951927 Update github.com/json-iterator/go to 1.1.4 2018-11-20 18:13:01 -08:00
Sergei Orlov
21c1bb8830 kubeapiserver: rename '--experimental-encryption-provider-config' to '--encryption-provider-config'. 
This change renames the '--experimental-encryption-provider-config'
flag to '--encryption-provider-config'. The old flag is accepted but
generates a warning.

In 1.14, we will drop support for '--experimental-encryption-provider-config'
entirely.

Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>
 2018-11-19 16:34:09 +01:00
k8s-ci-robot
7ba79c3183 Merge pull request #71128 from yue9944882/chore/add-reviewer 
Add yue9944882 to CRD/CR apiserver reviewer
 2018-11-18 14:14:17 -08:00
Clayton Coleman
3464222267 Revert "Make bootstrap client cert loading part of rotation" 
This reverts commit 0af19875ad.

Revert "Ensure the bootstrap rotation code is tested by forcing rotation"

This reverts commit de293b2d7d.
 2018-11-17 10:24:39 -05:00
k8s-ci-robot
46ebebcc4f Merge pull request #65763 from x13n/audit-logging 
Add option to k8s apiserver to reject incoming requests upon audit failure
 2018-11-17 04:39:56 -08:00
k8s-ci-robot
3be3510814 Merge pull request #69890 from smarterclayton/bootstrap_retry 
Make bootstrap client cert loading part of rotation
 2018-11-16 22:46:33 -08:00
k8s-ci-robot
ec2e767e59 Merge pull request #71167 from msau42/block-beta 
Promote raw block volume support to beta
 2018-11-16 20:28:03 -08:00
k8s-ci-robot
f38cc95505 Merge pull request #62692 from mikedanese/trev2 
authn: extend authenticator.Token to support audience validation
 2018-11-16 20:27:25 -08:00
Clayton Coleman
de293b2d7d Ensure the bootstrap rotation code is tested by forcing rotation 
Expose both a Stop() method (for cleanup) and a method to force
cert rotation, but only expose Stop() on the interface.

Verify that we choose the correct client.
 2018-11-16 21:50:52 -05:00
Clayton Coleman
0af19875ad Make bootstrap client cert loading part of rotation 
Ensure that bootstrap+clientcert-rotation in the Kubelet can:

1. happen in the background so that static pods aren't blocked by bootstrap
2. collapse down to a single call path for requesting a CSR
3. reorganize the code to allow future flexibility in retrieving bootstrap creds

Fetching the first certificate and later certificates when the kubelet
is using client rotation and bootstrapping should share the same code
path. We also want to start the Kubelet static pod loop before
bootstrapping completes. Finally, we want to take an incremental step
towards improving how the bootstrap credentials are loaded from disk
(potentially allowing for a CLI call to get credentials, or a remote
plugin that better integrates with cloud providers or KSMs).

Reorganize how the kubelet client config is determined. If rotation is
off, simplify the code path. If rotation is on, load the config
from disk, and then pass that into the cert manager. The cert manager
creates a client each time it tries to request a new cert.

Preserve existing behavior where:

1. bootstrap kubeconfig is used if the current kubeconfig is invalid/expired
2. we create the kubeconfig file based on the bootstrap kubeconfig, pointing to
   the location that new client certs will be placed
3. the newest client cert is used once it has been loaded
 2018-11-16 21:50:26 -05:00
k8s-ci-robot
39c8219999 Merge pull request #71158 from liggitt/revert-openapi-publish 
Revert openapi publish
 2018-11-16 18:22:43 -08:00
k8s-ci-robot
1e22f080ec Merge pull request #67383 from stlaz/enc_config_promotion 
Introduce apiserver.config.k8s.io/v1 and use standard method for parsing encryption config file
 2018-11-16 16:31:30 -08:00
Mike Danese
effad15ecc patch webhook authenticator to support token review with arbitrary audiences 2018-11-16 19:30:42 -05:00
Mike Danese
162699ca30 autogenerated 2018-11-16 17:54:33 -05:00
Mike Danese
04837fdef1 authn: add Audiences to TokenReview 2018-11-16 17:54:33 -05:00
Jordan Liggitt
8799eb4e2e Revert "Merge pull request #67205 from roycaihw/crd-openapi-spec" 
This reverts commit 54ee58b2d6, reversing
changes made to 9e2820e4c9.
 2018-11-16 16:36:24 -05:00
Jordan Liggitt
ad2b916d7c Revert "Merge pull request #71137 from sttts/sttts-crd-openapi-spec-recursive-v2-prune" 
This reverts commit 3ea3cfc3be, reversing
changes made to fab7009997.
 2018-11-16 16:36:04 -05:00
k8s-ci-robot
3ea3cfc3be Merge pull request #71137 from sttts/sttts-crd-openapi-spec-recursive-v2-prune 
apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion
 2018-11-16 13:20:25 -08:00
k8s-ci-robot
c418e2a04f Merge pull request #71120 from WanLinghao/audit_log_fix 
fix a description error in DynamicAuditing feature
 2018-11-16 13:20:07 -08:00
k8s-ci-robot
9878253c3c Merge pull request #70998 from deads2k/client-07-listwatchtimeout 
update the client generator to set a client-side timeout
 2018-11-16 13:19:57 -08:00
Matthew Wong
7a6acefd21 Generate code for BlockVolume beta promotion 2018-11-16 13:38:59 -05:00
Matthew Wong
2ff98f7832 Promote BlockVolume to beta 2018-11-16 13:38:59 -05:00
WanLinghao
84aa00c03d fix a description error in DynamicAuditing feature 2018-11-17 01:49:02 +08:00
Dr. Stefan Schimanski
0d9a022533 apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion 2018-11-16 18:42:01 +01:00
David Eads
8f7edec615 generated 2018-11-16 12:41:17 -05:00
David Eads
493bc79c04 update client generator for local timeout 2018-11-16 11:43:37 -05:00
Jordan Liggitt
248d661327 Add tests to ensure storage feature gate changes don't escape packages 2018-11-16 10:52:53 -05:00
k8s-ci-robot
f1e4ec8e48 Merge pull request #71076 from liggitt/preserve-stack 
Propagate panics up handler chain
 2018-11-16 05:13:09 -08:00
k8s-ci-robot
54ee58b2d6 Merge pull request #67205 from roycaihw/crd-openapi-spec 
Serve OpenAPI spec for registered CRDs
 2018-11-16 05:12:41 -08:00
zuoxiu.jm
af505dcd14 add reviewer 2018-11-16 20:12:28 +08:00
k8s-ci-robot
9e2820e4c9 Merge pull request #71067 from sttts/sttts-handler-panic 
apiserver: preserve stack trace in handler panic beyond timeout handler
 2018-11-16 03:57:11 -08:00
Daniel Kłobuszewski
7a10f4eda7 Add option to k8s apiserver to reject incoming requests upon audit failure 2018-11-16 10:32:49 +01:00
saad-ali
9d4810f25a Bump grpc from 1.7.5 to 1.13.0 2018-11-15 16:39:42 -08:00
Haowei Cai
94e3c2899f generated 2018-11-15 11:03:04 -08:00
Haowei Cai
e0d4c65b53 Convert and construct OpenAPI v2 spec from CRD 
validation OpenAPI v3 Schema
 2018-11-15 11:02:47 -08:00
Haowei Cai
3222a7033c Apiextensions-apiserver aggregates CRD schemas 
efficiently without checking conflicts, and wire up CRD discovery
controller to serve OpenAPI spec.
 2018-11-15 11:02:11 -08:00
Haowei Cai
92d95df0ba Enable aggregator apiserver resyncing openapi spec 
from delegation apiservers
 2018-11-15 11:00:25 -08:00
Jordan Liggitt
0952c9ee96 apiserver: propagate panics from REST handlers correctly 2018-11-15 12:35:51 -05:00
Dr. Stefan Schimanski
96fd0482f4 apiserver: preserve stack trace in handler panic beyond timeout handler 2018-11-15 17:36:11 +01:00
k8s-ci-robot
b7e2980a57 Merge pull request #68576 from jennybuckley/openapi-optimize 
Build OpenAPI Definitions per group instead of per resource
 2018-11-15 05:04:57 -08:00
k8s-ci-robot
b1a52a38e9 Merge pull request #67257 from pbarker/audit 
dynamic audit configuration
 2018-11-15 02:42:59 -08:00
k8s-ci-robot
f48e18faa4 Merge pull request #70971 from cheftako/leaseCheck 
Report KCM as unhealthy if leader election is wedged.
 2018-11-15 01:30:59 -08:00
Dr. Stefan Schimanski
e43e5e2e45 apiserver: in timeout_test separate out handler 2018-11-15 09:56:53 +01:00
k8s-ci-robot
726c07eb26 Merge pull request #69929 from jsafrane/csi-ga 
Promote CSIPersistentVolume feature to GA
 2018-11-14 20:34:58 -08:00
k8s-ci-robot
22eb2b0dae Merge pull request #70966 from awly/cert-triple-cleanup 
Remove k8s.io/client-go/util/cert/triple
 2018-11-14 19:20:07 -08:00
k8s-ci-robot
4fb368e5fd Merge pull request #70801 from Adirio/deltafifo-cleanup 
DeltaFIFO cleanup
 2018-11-14 19:19:57 -08:00
Patrick Barker
5cb70e369f adds dynamic audit configuration generated 2018-11-15 01:03:45 +00:00