github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
70,914 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

185 Commits (060218a862ba69488aae7edc0313ccf1b448eab6)

Author SHA1 Message Date
Mayank Kumar bc3e3afc46 api changes for psp runasgroup policy 2018-10-09 17:32:09 -07:00
Stanislav Laznicka a577b50012
Add "MayRunAs" value among other GroupStrategies 
Adds "MayRunAs" value among other group strategies. This strategy
allows to define a certain range of GIDs for FSGroupStrategy and
SupplementalGroupStrategy in a PSP.

This new strategy works similarly to the "MustRunAs" one, except that
when no GID is specified in a pod/container security context then no
GID is generated for the respective containers.

Resolves #56173
 2018-09-27 12:47:21 +02:00
Jess Frazelle 1a4cf7a36e
make update 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2018-08-30 18:24:23 -04:00
Jess Frazelle 30dcca6233
ProcMount: add api options and feature gate 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2018-08-30 11:40:02 -04:00
Kenjiro Nakayama c0eedf775e Make DisruptedPods in PodDisruptionBudgetStatus optional field 2018-08-22 21:59:37 +09:00
Di Xu 3157ff0230 use NameIsDNSSubdomain validation from staging 2018-08-14 10:38:23 +08:00
Clayton Coleman ef561ba8b5
generated: Avoid use of reflect.Call in conversion code paths 2018-07-17 23:02:16 -04:00
Dr. Stefan Schimanski f8de7cea40 Update generated files 2018-06-29 20:36:17 +02:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Dr. Stefan Schimanski 1208437f84 Update generated files 2018-06-13 12:35:13 +02:00
Seth Jennings 6729add11c sysctls: create feature gate to track promotion 2018-06-06 00:23:11 +02:00
Jan Chaloupka 3cc15363bc Run make update 2018-06-06 00:12:40 +02:00
Jan Chaloupka ab616a88b9 Promote sysctl annotations to API fields 2018-06-05 23:17:00 +02:00
Josh Horwitz c7fbcf35da Add support for enforcing read only host paths in PSPs. 2018-06-04 19:10:37 -04:00
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
David Eads 7b4f97aca3 generated 2018-05-08 18:32:44 -04:00
Slava Semushin a0c75d028a Update autogenerated files. 2018-05-04 18:31:42 +02:00
Slava Semushin f49a0fbd5f Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type. 
We had IDRange in both types prior 9440a68744 commit that splitted it
into UserIDRange/GroupIDRange. Later, in c91a12d205 commit we had to
revert this changes because they broke backward compatibility but
UserIDRange/GroupIDRange struct left in the internal type.

This commit removes these leftovers and reduces the differences
between internal and external types.
 2018-05-04 18:31:42 +02:00
David Eads 8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
Kubernetes Submit Queue a38a02792b
Merge pull request #62662 from wangzhen127/runtime-default 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Change seccomp annotation from "docker/default" to "runtime/default"

**What this PR does / why we need it**:
This PR changes seccomp annotation from "docker/default" to "runtime/default", so that it is can be applied to all kinds of container runtimes. This PR is a followup of [#1963](https://github.com/kubernetes/community/pull/1963).

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #39845

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-04-26 14:33:53 -07:00
David Eads e7fbbe0e3c eliminate indirection from type registration 2018-04-25 09:02:31 -04:00
Zhen Wang e102633ae8 Change docker/default to runtime/default 2018-04-19 10:39:53 -07:00
Slava Semushin 6767e233ed Update generated files. 
In order to make it compilable I had to remove these files manually:

pkg/client/listers/extensions/internalversion/podsecuritypolicy.go
pkg/client/informers/informers_generated/internalversion/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_podsecuritypolicy.go
 2018-04-11 18:35:24 +02:00
Slava Semushin 8a7d5707d5 PSP: move internal types from extensions to policy. 2018-04-11 18:35:09 +02:00
fisherxu b49ef6531c regenerated all files and remove all YEAR fields 2018-03-08 17:52:48 +08:00
jennybuckley c8dacd8e63 Run hack/update-all.sh 2018-02-26 17:16:14 -08:00
Kubernetes Submit Queue f8298702ff
Merge pull request #54933 from php-coder/psp_introduce_new_api_group 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Introduce PodSecurityPolicy in the policy/v1beta1 API group

Types/constants are completely the same as in `extensions/v1beta1` except that they are located outside of the `extensions` API group.

**What this PR does / why we need it**:
This is the first step for migrating PSP-related stuff away of `extensions` group. See #43214 for more information.

Also it related to https://github.com/kubernetes/features/issues/5

**Example**:
```console
$ cat restricted2.yaml 
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted2
...
$ kubectl create -f restricted.yaml 
podsecuritypolicy "restricted2" created
$ kubectl get psp restricted2 -o yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
...
```

**Release note**:
```release-note
The `PodSecurityPolicy` API has been moved to the `policy/v1beta1` API group. The `PodSecurityPolicy` API in the `extensions/v1beta1` API group is deprecated and will be removed in a future release.
```
 2018-02-20 15:44:50 -08:00
Slava Semushin 29514f2883 Update generated files. 2018-02-19 20:14:28 +01:00
Slava Semushin 379683d9f4 Introduce PodSecurityPolicy in the policy/v1beta1 API group. 
PSP are completely the same as in extensions/v1beta1 except that they
are located outside of the extensions API group.
 2018-02-19 20:14:28 +01:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Allen Petersen 3d69cea1e5 Update generated files 2018-01-02 22:13:19 -08:00
Christoph Blecker 80e344644e
Regenerate all generated code 2018-01-02 00:21:07 -08:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Maciej Szulik f8ea46e8fe Use full gopath for externalTypes 2017-11-26 00:12:32 +08:00
Dr. Stefan Schimanski 3ba9d1d0e0 Remove unused pkg/apis/policy/v1alpha1 2017-11-14 13:47:29 +01:00
Dr. Stefan Schimanski 1e79dfb959 Update generated code 2017-11-10 18:26:46 +01:00
Dr. Stefan Schimanski 72809a08b9 deepcopy: remove deepcopy register tags 2017-11-10 18:25:26 +01:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 2b201ead11 Fix and update comment with api.Scheme 2017-10-30 19:54:02 +01:00
Dr. Stefan Schimanski cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski 7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jordan Liggitt c7defb806f
Generated files 2017-08-25 15:01:08 -04:00
Kubernetes Submit Queue 9f902fef24 Merge pull request #50094 from sttts/sttts-no-importprefix 
Automatic merge from submit-queue (batch tested with PRs 50094, 48966, 49478, 50593, 49140)

apimachinery: remove pre-apigroups import path logic

Replacing #50093.
 2017-08-14 12:14:55 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
zhouhaibing089 2e5dc7d727 add fuzzer dir for each apigroup 2017-08-11 15:12:57 +08:00
Dr. Stefan Schimanski 8728576236 apimachinery: remove pre-apigroups import prefix logic 2017-08-10 13:07:54 +02:00
supereagle a1c880ece3 update generated deepcopy code 2017-07-31 22:33:00 +08:00