promenade

Commit Graph

Author	SHA1	Message	Date
Mark Burnett	04da7585ff	Refactor API server This change accomplishes 2 primary things: 1. It generalizes work to enable the EventRateLimit admission plugin. 2. It restructures the anchor so that during an upgrade an "old" anchor does not try to coordinate the injection of "new" data from configmaps/secrets. It also includes these ancillary changes: * Clean up apiserver argument specification in the chart. * De-duplicate and realign apiserver arguments in bootstrapping templates. It has the side effects of: * Adding a new field, ".apiserver.arguments" to the Genesis config, which will be the preferred way to configure bootstrapping apiservers going forward (in lieu of command_prefix). Change-Id: I33cfe80ee8e29cd79e479a7985e3c098a2288fda	2019-01-10 16:31:50 -06:00
Matt McEuen	178193be84	Add EventRateLimit admission controller Add the EventRateLimit admission controller, to allow operators to define rate limits for the k8s API server at the server, namespace, or user account level. This also * cleans up some of the parameters passed into the API server * replaces the deprecated --admission-control parameter * applies --repair-malformed-updates consistently, incl examples * removes unused batch/v2alpha1 runtime config * https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/ * removes duplicate --service-cluster-ip-range setting This PS adds EventRateLimits to the bootstrap and anchor API servers; future work will need to add it to the Keystone Webhook API server. Change-Id: I32a2d4add880e50f470e4cb0687e20d16e6e926d	2018-10-27 15:35:43 -05:00

Author

SHA1

Message

Date

Mark Burnett

04da7585ff

Refactor API server

This change accomplishes 2 primary things:
1. It generalizes work to enable the EventRateLimit admission plugin.
2. It restructures the anchor so that during an upgrade an "old" anchor
   does not try to coordinate the injection of "new" data from
   configmaps/secrets.

It also includes these ancillary changes:
* Clean up apiserver argument specification in the chart.
* De-duplicate and realign apiserver arguments in bootstrapping templates.

It has the side effects of:
* Adding a new field, ".apiserver.arguments" to the Genesis config,
  which will be the preferred way to configure bootstrapping apiservers
  going forward (in lieu of command_prefix).

Change-Id: I33cfe80ee8e29cd79e479a7985e3c098a2288fda

2019-01-10 16:31:50 -06:00

Matt McEuen

178193be84

Add EventRateLimit admission controller

Add the EventRateLimit admission controller, to allow operators to
define rate limits for the k8s API server at the server, namespace,
or user account level.

This also
* cleans up some of the parameters passed into the API server
* replaces the deprecated --admission-control parameter
* applies --repair-malformed-updates consistently, incl examples
* removes unused batch/v2alpha1 runtime config
* https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
* removes duplicate --service-cluster-ip-range setting

This PS adds EventRateLimits to the bootstrap and anchor API
servers; future work will need to add it to the Keystone
Webhook API server.

Change-Id: I32a2d4add880e50f470e4cb0687e20d16e6e926d

2018-10-27 15:35:43 -05:00

2 Commits