github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
74,597 Commits
31 Branches
881 Tags
633 MiB
Commit Graph

23 Commits (07428f7e5d6176cbb0c44cf7eb83c182d6ecc1d4)

Author SHA1 Message Date
walter 2af982abb9 Fixes lint errors in kubeapiserver packages 
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
 2018-11-04 17:22:41 -08:00
yue9944882 f624a4efb8 externalize node admission 
fixes internal pod annotation reference

completely strip internal informers from authz initialization
 2018-08-21 23:33:03 +08:00
yue9944882 e7d0983707 externalize pv informer in node authorizer 2018-08-17 11:14:43 +08:00
yue9944882 bc1fb1f7e8 node authz/ad externalization 2018-08-09 10:57:30 +08:00
David Eads 092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
Michael Taufen ab8dc12333 node authorizer sets up access rules for dynamic config 
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.

I also added some validation to the node strategy, which I discovered we
were missing while writing this.
 2018-03-27 08:49:45 -07:00
hzxuzhonghu 755df0461d validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-26 20:37:02 +08:00
NickrenREN 7b9d2c046f Use v1beta1 VolumeAttachment 2018-01-31 18:46:11 +08:00
Jordan Liggitt ecfd18e2a6
Add get volumeattachments support to Node authorizer 2018-01-17 00:00:18 -05:00
Jordan Liggitt ba09fadecf
Plumb versioned informers to authz config 2018-01-16 23:30:53 -05:00
xilabao f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Monis Khan 8e7893e541
Refactor RBAC authorizer entry points 
This change refactors various RBAC authorizer functions to be more
flexible in their inputs.  This makes it easier to reuse the various
components that make up the authorizer.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-16 11:43:39 -04:00
Jordan Liggitt d65610bf2f
Remove default binding of system:node role to system:nodes group 2017-07-26 13:53:14 -04:00
Kubernetes Submit Queue 77a8c25839 Merge pull request #46212 from CaoShuFeng/RBACSuperUser 
Automatic merge from submit-queue (batch tested with PRs 46394, 46650, 46436, 46673, 46212)

Remove deprecated variable RBACSuperUser

authorization-rbac-super-user is deprecated now. So we can remove
the vaiable. Further more the comment about this variable is wrong.
Remove them also.

**Release note**:
```NONE
```
 2017-05-31 00:14:11 -07:00
Jordan Liggitt fc8e915a4b
Add Node authorization mode based on graph of node-related objects 2017-05-30 16:53:03 -04:00
Cao Shufeng b5e6859d92 Remove deprecated variable RBACSuperUser 
authorization-rbac-super-user is deprecated now. So we can remove
the vaiable. Further more the comment about this variable is wrong.
Remove them also.
 2017-05-22 19:10:32 +08:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Lucas Käldström ab344da565
Move the authorization mode constants into a separate package 2017-02-23 15:27:16 +02:00
deads2k 0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski 4beba154b4 genericapiserver: move authz webhook plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k a3564c0aa8 start kubeapiserver package for sharing between kubeapiserver and federation 2016-12-22 07:43:42 -05:00