github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-31 05:40:42 +00:00
Code Issues Projects Releases Wiki Activity
60,888 Commits 42 Branches 8,159 Tags
e72c6c69bbaa9a75f415f09b1ca66c901b3dc3f7
Commit Graph

740 Commits

Author SHA1 Message Date
Yifan Gu
aca6368e3c plugin/oidc: add minor documentation details. 2015-08-24 15:25:26 -07:00
Paul Weil
709e654686 use privileged source object 2015-08-24 16:53:43 -04:00
Yifan Gu
6376e41850 plugin/pkg/auth: add OpenID Connect token authenticator. 
Also add related new flags to apiserver:
"--oidc-issuer-url", "--oidc-client-id", "--oidc-ca-file", "--oidc-username-claim",
to enable OpenID Connect authentication.
 2015-08-21 15:27:08 -07:00
Saad Ali
c1a2c6dee7 Merge pull request #10713 from thockin/no-localhost-endpoints 
Check loopback and link-local multicast endpoints
 2015-08-19 12:48:33 -07:00
gmarek
3c907b33e1 Remove external function setting Kubelet flags 2015-08-19 13:20:41 +02:00
Tim Hockin
86f4535871 Check loopback and link-local multicast endpoints 
Previously we just disallowed link-local (unicast).  This disallows loopback
and link-local multicast.
 2015-08-18 21:50:27 -07:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Bin Wang
0547c52c2c Enforce specified service-cluster-ip-range is not too large 2015-08-18 10:35:21 +08:00
Eric Paris
347c7b5b82 Mark some flags as deprecated so thus don't show up in help 2015-08-14 19:28:03 -04:00
Ruddarraju, Uday Kumar Raju
937db3f70d Keystone authentication plugin 2015-08-13 09:46:30 -07:00
Bryan Stenson
9541414742 create cloudprovider "providers" package 
move all providers into new package
    update all references to old package path
 2015-08-11 22:36:51 -07:00
Eric Paris
1333fad22a Remove BindClientConfigFlags entirely 
They are unused.
 2015-08-11 16:26:24 -04:00
Alex Robinson
11fcd3bb39 Merge pull request #12478 from eparis/use-pflag-network 
Use pflags for net.IP and net.IPNet instead of custom flag types
 2015-08-10 11:55:54 -07:00
Eric Paris
f3282ff4d2 Use pflag IPNet instead of our own helpers 
Since pflag can handle net.IPNet arguements use that code. This means
that our code no longer has casts back and forth and just natively uses
net.IPNet.
 2015-08-10 10:15:08 -04:00
Eric Paris
fe6b633e2a Convert for util.IP to just use a net.IP 
pflag can handle IP addresses so use the pflag code instead of doing it
ourselves. This means our code just uses net.IP and we don't have all of
the useless casting back and forth!
 2015-08-10 10:15:05 -04:00
Veres Lajos
9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Eric Paris
7cbb52ce04 Use the pflag StringSlice instead of implementing it ourselves 
Saves code and makes our code easier to read because we just use normal
[]string instead of custom type.
 2015-08-06 19:16:13 -04:00
Mike Danese
17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Muhammed Uluyol
58a875ac2c Add (stopgap) support for an experimental API prefix. 2015-07-30 18:14:29 -07:00
Wojciech Tyczynski
99d6b0e9f4 Rename storage interfaces 2015-07-30 10:34:57 +02:00
Wojciech Tyczynski
d17985f1ad Move StorageInterface to pkg/storage. 2015-07-30 09:32:04 +02:00
Brendan Burns
99b02bfe73 Add optional throttling to the proxy/exec/attach methods 2015-07-29 13:51:20 -07:00
Marek Grabowski
7cc1855c27 Merge pull request #11806 from wojtek-t/private_etcd_helper 
Make EtcdHelper private - expose only StorageInterface
 2015-07-27 11:21:28 +02:00
Marek Grabowski
00cd52dd68 Merge pull request #10656 from krousey/timeouts 
Adding proper timeouts.
 2015-07-27 10:56:58 +02:00
Wojciech Tyczynski
9d943df397 Private EtcdHelper 2015-07-27 09:20:13 +02:00
Mike Danese
859f440f74 Merge pull request #11666 from wojtek-t/refactor_etcd_helper 
Extract EtcdHelper interface
 2015-07-24 11:07:46 -07:00
Mike Danese
ae1c8e55ef Merge pull request #11737 from thockin/cleanup-remove-v1beta3 
Remove v1beta3
 2015-07-24 10:25:56 -07:00
Wojciech Tyczynski
fdb3f45077 Extract EtcdHelper interface 2015-07-24 09:28:02 +02:00
Vish Kannan
2a5a6b99cb Merge pull request #10635 from smarterclayton/cloud_provider_should_err 
Cloud provider should return an error
 2015-07-23 17:50:45 -07:00
Tim Hockin
1c3233a1d4 Remove v1beta3 2015-07-23 17:21:27 -07:00
Wojciech Tyczynski
ee92aa3897 Prepare for extracting EtcdHelper interface 2015-07-23 09:37:39 +02:00
Kris Rousey
1d033b9912 Adding proper timeouts. 2015-07-10 14:42:59 -07:00
nikhiljindal
c465a50891 Stop exposing v1beta3 by default 2015-07-08 15:27:41 -07:00
Eric Paris
cde68d294b Do not create subject alt dns names for kubelet self signed certs 
PR #10643 Started adding the dns names for the kubernetes master to self
sign certs which were created. The kubelet uses this same code, and thus
the kubelet cert started saying it was valid for these name as well.
While hardless, the kubelet cert shouldn't claim to be these things. So
make the caller explicitly list both their ip and dns subject alt names.
 2015-07-04 23:01:01 -04:00
Eric Paris
7a29af4d2c Add Subject Alt Names to self signed apiserver certs 
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master

A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc

So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
 2015-07-01 17:05:17 -04:00
Clayton Coleman
d8bb4552de Cloud provider should return an error 
Not fatal - makes cloud provider useful in methods that
can return error.
 2015-07-01 14:41:49 -04:00
Aaron Levy
e991a1543f Use blank default for old-etcd-prefix 2015-06-26 18:19:40 -07:00
Jordan Liggitt
64d61185eb Re-enable ECDSA private server key use 2015-06-16 23:03:29 -04:00
Mike Danese
677855f1a9 fix longRunningRequestRE to something that doesn'tt push -f orig match pretty much all requests. 2015-06-16 13:48:10 -07:00
Justin Santa Barbara
6f3879e3bb Actually pass down ServiceNodePortRange so it is used 
Also fix default range to match what we've documented (off-by-one)

Fix #9318
 2015-06-08 18:03:42 -04:00
krousey
5aa0219ada Merge pull request #9292 from cjcullen/test_pull_8946 
Add an ssh tunnel option to the /proxy endpoint
 2015-06-08 14:30:12 -07:00
CJ Cullen
cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
Brendan Burns
5115fd5703 Add key generation. 2015-06-05 14:55:15 -07:00
Brendan Burns
30a89968a4 Initial proxy tunnelling. 2015-06-05 14:54:20 -07:00
Prashanth Balasubramanian
50eb9ad598 Use https only for the kubelet port 2015-06-05 14:06:38 -07:00
Chao Xu
ef61b031f5 make v1 enabled by default 2015-06-04 11:37:44 -07:00
Daniel Smith
1690617ee6 remove ro service 2015-06-03 16:45:54 -07:00
Prashanth Balasubramanian
0162529ea5 Default minRequestTimeout to 1800s 2015-06-03 08:47:45 -07:00
Prashanth Balasubramanian
448867073d Pipe minRequestTimeout as an arg to the apiserver 2015-06-03 08:44:14 -07:00