This PR attempts to simplify the OpenID Connect client plugin to
reduce round trips. The steps taken by the client are now:
* If ID Token isn't expired:
* Do nothing.
* If ID Token is expired:
* Query /.well-known discovery URL to find token_endpoint.
* Use an OAuth2 client and refresh token to request new ID token.
This avoids the previous pattern of always initializing a client,
which would hit the /.well-known endpoint several times.
The client no longer does token validation since the server already
does this. As a result, this code no longer imports
github.com/coreos/go-oidc, instead just using golang.org/x/oauth2
for refreshing.
Kubernetes-commit: 6915f857574505a2cd2072c32d9d6da66ce6f55a
Since NewSchemeBuilder registers the supplied Scheme transformation
functions synchronously, there's no need for a subsequent call
to (*SchemeBuilder).Register against the same instance.
Kubernetes-commit: 3a8e44bda80f74d674bf2df0b87cb4562a3587a0
Remove kubectl's dependence on pkg/api/helper, as part of
broader effort to isolate kubectl from the rest of k8s.
In this case, the code becomes private to kubectl; nobody else uses it.
**Which issue this PR fixes**
Part of a series of PRs to address kubernetes/community#598
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 5a9b06b717805ad47da1edda6018fea107ac4ce9
The alpha field podManagementPolicy defines how pods are created,
deleted, and replaced. The new `Parallel` policy will replace pods
as fast as possible, not waiting for the pod to be `Ready` or providing
an order. This allows for advanced clustered software to take advantage
of rapid changes in scale.
Kubernetes-commit: 2861ae5eb986a059c69e812513c272566c346710
This patch adds instructions for how to run the in-cluster client-go example.
To make this example executable, providing a Dockerfile and build steps so
that it can directly be run on minikube.
This is part of the body of work improving the client library samples.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Kubernetes-commit: 8604ed6d9906ebfb33206b55467db41c87e9f148
Allows an informer consumer to easily filter a set of changes out,
possibly to maintain a smaller cache or to only operate on a known set
of objects.
Kubernetes-commit: 5439cfd24571a1727aacf741d3ab8bd33f974cab
client-go/pkt/util was removed in favor of client-go util, which consists
only from CodeExitError and ExitError interface
Kubernetes-commit: 8574bc564f4c54aa964d6c0c7ccec3202d9e2f1b
Module remotecommand originally part of kubernetes/pkg/client/unversioned was moved
to client-go/tools, and will be used as authoritative in kubectl, e2e and other places.
Module remotecommand relies on util/exec module which will be copied to client-go/pkg/util
Kubernetes-commit: 2612e0c78ad18ac87bbd200d547100cf99f36089
The usecase of this change:
When a super user grant some RBAC permissions to a group, he can use
--as-group to test whether the group get the permissions.
Note that now we support as-groups, as-user-extra in kubeconfig file
after this change.
Kubernetes-commit: e541defd49d01024d17dddf8e966eba2c46a6db0
