github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
77,479 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

164 Commits (06bc7e3e0026ea25065f59f4bd305c0b7dbbc145)

Author SHA1 Message Date
Jordan Liggitt aee1997a19 quiet integration test logs 2019-04-20 02:20:31 -04:00
Sean Sullivan abfc5bbbf7 Rename TablePrinter interface to TableGenerator 2019-04-16 12:55:30 -07:00
Kubernetes Prow Robot ed4258e5c0
Merge pull request #75264 from smarterclayton/optimize_rbac_visit 
Avoid allocating when performing VisitRulesFor on service accounts
 2019-03-20 19:19:35 -07:00
Clayton Coleman 4c87a14e6b
Avoid allocating when performing VisitRulesFor on service accounts 
Service account authorization checks are done frequently and were
observed to perform 7% of allocations on a system running e2e tests.
The allocation comes from when we walk the authorization rules to
find matching service accounts.

Optimize the check for service account names to avoid allocating.
 2019-03-13 17:40:21 -04:00
Chao Xu 3b618af0d4 Expose storage version hash 2019-03-11 10:26:56 -07:00
Kubernetes Prow Robot f16035600a
Merge pull request #73807 from dekkagaijin/discovery-hardening 
harden the default RBAC discovery clusterrolebindings
 2019-03-01 21:49:30 -08:00
Jake Sanders 9c7d31928d harden the default RBAC discovery clusterrolebindings 2019-03-01 18:45:05 -08:00
Kubernetes Prow Robot a887ae8344
Merge pull request #74208 from lrx0014/unittest 
fixes: some wrong comments
 2019-02-18 22:45:49 -08:00
renxiang 8c8a9f850b fixes: some wrong comments 2019-02-18 19:02:28 +08:00
Kubernetes Prow Robot 808f2cf0ef
Merge pull request #72525 from justinsb/owners_should_not_be_executable 
Remove executable file permission from OWNERS files
 2019-02-14 23:55:45 -08:00
Kubernetes Prow Robot ce4fd07b06
Merge pull request #71564 from liggitt/reconcile-details 
Improve reconcile output to explain what changes are being made
 2019-02-12 18:45:13 -08:00
Roy Lenferink b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Justin SB dd19b923b7
Remove executable file permission from OWNERS files 2019-01-11 16:42:59 -08:00
Jordan Liggitt 74ecf8d978 Improve reconcile output to explain what changes are being made 2018-11-29 10:55:38 -05:00
Davanum Srinivas 954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
Jordan Liggitt 9ae79f9653 authorizers subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Monis Khan 543dcb6de5
Tolerate lack of namespace permissions in RBAC reconciliation 
This change updates the RBAC reconciliation logic to not fail if the
user does not have the ability to create namespaces.  Thus if the
namespace already exists, the user only needs to pass the standard
escalation check for RBAC roles and role bindings.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2018-10-29 11:30:04 -04:00
Antoine Pelisse 03b1e14101 dry-run: Create new options for Update/Create and pass it along 2018-07-12 07:18:37 -07:00
Jordan Liggitt 3710ce3561
make RBAC escalation error message more useful 2018-07-06 11:49:08 -04:00
jennybuckley d10e08fc89 Allow override AllowCreateOnUpdate with new argument to Update 2018-06-28 14:24:51 -07:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Kubernetes Submit Queue d1f5cb2348
Merge pull request #65050 from sttts/sttts-deepcopy-update 
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Bump gengo to include uniform pointer deepcopy

This bumps k8s.io/gengo with uniform pointer support in deepcopy-gen.

Fixes https://github.com/kubernetes/code-generator/issues/45.
 2018-06-21 04:15:16 -07:00
Dr. Stefan Schimanski 1208437f84 Update generated files 2018-06-13 12:35:13 +02:00
Jordan Liggitt 1034efd439
Allow non-RBAC authorizers to participate in role/clusterrole escalation checks 2018-06-06 15:31:05 -04:00
David Eads 092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
Jordan Liggitt a674335ccc
Avoid copying aggregated admin/edit/view roles during bootstrap 2018-05-13 15:21:05 -04:00
David Eads c5445d3c56 simplify api registration 2018-05-08 18:33:50 -04:00
David Eads 8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
David Eads a89291a5de stop duplicating preferred version order 2018-04-26 10:03:36 -04:00
Mike Danese 54fd2aaefd replace request.Context with context.Context 2018-04-24 08:59:00 -07:00
Kubernetes Submit Queue ccc1fc4197
Merge pull request #61461 from WanLinghao/cluster_role_error_fix 
Automatic merge from submit-queue (batch tested with PRs 61396, 61321, 61443, 60911, 61461). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

	fix a error in return value

**What this PR does / why we need it**:
This patch fix a small bug in function GetClusterRole() which returns with wrong error info.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-03-22 03:37:22 -07:00
WanLinghao f35402e515 fix a error in return value 
modified:   pkg/registry/rbac/validation/rule.go
 2018-03-21 14:52:52 +08:00
fisherxu b49ef6531c regenerated all files and remove all YEAR fields 2018-03-08 17:52:48 +08:00
Maciej Szulik 5630d29552
Add missing table converters for server side printing 2018-02-28 17:27:45 +01:00
jennybuckley c8dacd8e63 Run hack/update-all.sh 2018-02-26 17:16:14 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Di Xu 48388fec7e fix all the typos across the project 2018-02-11 11:04:14 +08:00
hzxuzhonghu d0d1e1dcc4 refactor resource_config.go thoroughly and remove useless code in registry 2018-01-27 16:10:58 +08:00
Jordan Liggitt b4fb25261e
return reason for allowed rbac authorizations 
includes the binding, role, and subject that allowed a request so audit can make use of it
 2018-01-19 14:32:39 -05:00
Christoph Blecker 80e344644e
Regenerate all generated code 2018-01-02 00:21:07 -08:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Marcin Owsiany f9ff53d06e Do not log trailing whitespace. 2017-11-27 14:49:17 +01:00
David Eads c22fbadc0f clear resourceversion for migrated cluster roles 2017-11-22 16:16:01 -05:00
David Eads f34fb9b0ab handle clusterrole migration 2017-11-13 08:18:00 -05:00
David Eads a53e5de3db generated 2017-11-13 08:18:00 -05:00
David Eads 0f0a5223df rbac api changes for aggregation 2017-11-13 08:14:37 -05:00
Dr. Stefan Schimanski 1e79dfb959 Update generated code 2017-11-10 18:26:46 +01:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Mike Danese 12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00