Jordan Liggitt
e5e557e902
apiserver: add API server plumbing for adding warnings
2020-06-11 16:04:19 -04:00
Mike Spreitzer
73614ddd4e
Added API Priority and Fairness filter and config consumer
2020-02-10 22:54:40 -05:00
Ted Yu
cdc1b71bde
WithAuthentication should wrap WithMaxInFlightLimit
2019-09-19 13:39:49 -07:00
David Eads
f589c1213c
add cache-control headers to kube-apiserver
2019-08-26 13:00:31 -04:00
SataQiu
64193630a7
cleanup: move the comment to its place
2019-05-23 12:29:12 +08:00
Mike Danese
21fd8f2041
tokenreview: add APIAudiences config to generic API server and augment context
2018-10-09 22:47:10 -07:00
walter
6990a6392a
Cleaned up lint errors in pkg/kubeapiserver/server.
2018-09-26 23:12:30 -07:00
Dr. Stefan Schimanski
8aa0eefce8
kube-controller-manager: disable authn/z on insecure port
...
This is the old behaviour and we did not intent to change it due to enabled authn/z in general.
As the kube-apiserver this sets the "system:unsecured" user info.
2018-08-30 20:17:29 +02:00
Marian Lobur
3f730d4c25
Remove deprecated legacy audit logging code.
2018-08-23 12:08:54 +02:00
Dr. Stefan Schimanski
c2724793e8
Update bazel
2018-08-17 08:57:21 +02:00
Dr. Stefan Schimanski
d787213d1b
kube-apiserver: switch apiserver's DeprecatedInsecureServingOptions
2018-08-17 08:56:47 +02:00
Dr. Stefan Schimanski
1575e17365
kube-apiserver: drop unused loopback token in insecure mode
2018-07-04 19:15:11 +02:00
Jeff Grafton
23ceebac22
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
Jordan Liggitt
8ea88a5092
Remove request context mapper
2018-04-18 17:03:31 -04:00
Dr. Stefan Schimanski
9f906618f0
apiserver: enforce shared RequestContextMapper in delegation chain
2018-04-05 14:41:56 +02:00
hzxuzhonghu
6ba30f678c
pass listener to genericapiserver
2017-11-21 11:00:15 +08:00
hzxuzhonghu
db4f0de280
gracefully shutdown apiserver after all non-long running requests finish
2017-11-10 14:06:52 +08:00
Dr. Stefan Schimanski
f6a89df3fb
Revert "audit backend run shutdown gracefully after http handler finish"
...
This reverts commit f42686081b
2017-10-30 15:26:51 +01:00
hzxuzhonghu
f42686081b
audit backend run shutdown gracefully after http handler finish
2017-10-28 15:03:38 +08:00
Jeff Grafton
aee5f457db
update BUILD files
2017-10-15 18:18:13 -07:00
Joe Betz
cb764756c6
Add --request-timeout to allow the global request timeout of 60 seconds to be configured.
2017-08-28 13:42:43 -07:00
Jeff Grafton
a7f49c906d
Use buildozer to delete licenses() rules except under third_party/
2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be
Use buildozer to remove deprecated automanaged tags
2017-08-11 09:31:50 -07:00
Tim St. Clair
a5de309ee2
Implement audit policy logic
2017-05-25 07:38:07 -07:00
Dr. Stefan Schimanski
0b5bcb0219
audit: add audit event to the context and fill in handlers
2017-05-23 11:20:14 +02:00
Mike Danese
a05c3c0efd
autogenerated
2017-04-14 10:40:57 -07:00
Kubernetes Submit Queue
67f2a7cc00
Merge pull request #43888 from liggitt/unsecured-port-user
...
Automatic merge from submit-queue (batch tested with PRs 43545, 44293, 44221, 43888)
Avoid nil user special-casing in unsecured endpoint
The unsecured handler currently adds no `user.Info` to the request context. That means that anything that tries to authorize actions in the API server currently has to special case nil users to ensure the unsecured localhost endpoint remains capable of performing all actions.
This PR changes the unsecured localhost endpoint to be treated as a privileged user internally, so that no special casing is required by code inside the authentication layer
I'm not particularly attached to the username. It doesn't bother me for it to have a slightly uncomfortable sounding name.
2017-04-11 12:18:24 -07:00
deads2k
b73cddb227
only log stacks on server errors
2017-04-10 07:57:43 -04:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint
2017-03-31 13:28:59 -04:00
deads2k
cd29754680
move legacy insecure options out of the main flow
2017-03-27 14:07:54 -04:00
