github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
58,755 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

75 Commits (179d8e108e81ff189727659b4fd72b01f501d6f0)

Author SHA1 Message Date
Hemant Kumar 1b76b0b2ff Allow node to update PVC's status 
Implement node policy feature gates
Add tests for node policy update
 2017-11-22 14:32:50 -05:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Mike Danese 12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
Dr. Stefan Schimanski 2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Dr. Stefan Schimanski cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski 7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jordan Liggitt e45ed2d5b9
fix typo in health check url 2017-10-03 16:44:38 -04:00
Dr. Stefan Schimanski 7d09148ad7 apiserver: separate apiserver specific configs into ExtraConfig 2017-09-08 14:16:09 +02:00
xilabao f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Huamin Chen 4525446af2 azure file volume: add secret namespace api 
Signed-off-by: Huamin Chen <hchen@redhat.com>
 2017-08-24 14:49:58 +00:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jordan Liggitt dd7be70a4a
Add rbac.authorization.k8s.io/v1 2017-08-09 17:04:54 -04:00
Jordan Liggitt d65610bf2f
Remove default binding of system:node role to system:nodes group 2017-07-26 13:53:14 -04:00
Kubernetes Submit Queue 4d2a721223 Merge pull request #48707 from danielfm/node-restriction-pod-eviction-subresource 
Automatic merge from submit-queue

Allow nodes to create evictions for its own pods in NodeRestriction admission controller

**What this PR does / why we need it**: This PR adds support for `pods/eviction` sub-resource to the NodeRestriction admission controller so it allows a node to evict pods bound to itself.

**Which issue this PR fixes**: fixes #48666

**Special notes for your reviewer**: The NodeRestriction already allows nodes to delete pods bound to itself, so allowing nodes to also delete pods via the Eviction API probably makes sense.

```release-note
NodeRestriction allows a node to evict pods bound to itself
```
 2017-07-23 04:16:51 -07:00
Daniel Fernandes Martins 81ba522bbe Make NodeRestriction admission allow evictions for bounded pods 2017-07-20 14:20:03 -03:00
Haoran Wang f02008338f add integration testing for bootstrap token auth 2017-07-20 22:34:21 +08:00
Eric Chiang e2f2ab67f2 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
 2017-07-18 16:03:15 -07:00
Jacob Simpson 8bcbbd4d08 Migrate api.Registry to testapi.Groups in tests. 2017-07-17 15:05:38 -07:00
Mike Danese 6ae11fdc5d use testmain in integration tests 2017-07-12 17:34:55 -07:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu cde4772928 run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles 2017-06-22 11:30:52 -07:00
Jordan Liggitt fc8e915a4b
Add Node authorization mode based on graph of node-related objects 2017-05-30 16:53:03 -04:00
deads2k be39283923 plumb stopch to post start hook index since many of them are starting go funcs 2017-05-11 09:16:13 -04:00
Mike Danese 21617a60ae don't use build tags to mark integration tests 2017-04-28 14:19:39 -07:00
Jordan Liggitt 7f4e5c5676
Use namespace from context 2017-03-07 14:02:13 -05:00
Jordan Liggitt 2a76fa1c8f
Switch RBAC subject apiVersion to apiGroup in v1beta1 2017-02-13 15:33:09 -05:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
deads2k 0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski 4077e0bba7 genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
Clayton Coleman 469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
Kubernetes Submit Queue ac857a5ade Merge pull request #40106 from deads2k/client-09-switch 
Automatic merge from submit-queue

make client-go more authoritative

Builds on https://github.com/kubernetes/kubernetes/pull/40103

This moves a few more support package to client-go for origination.  
 1. restclient/watch - nodep
 1. util/flowcontrol - used interface
 1. util/integer, util/clock - used in controllers and in support of util/flowcontrol
 2017-01-19 06:34:49 -08:00
deads2k cdb2934bbc remove kubernetes copy of clientcmd types 2017-01-19 07:39:19 -05:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
Kubernetes Submit Queue 302d3ab1d7 Merge pull request #39625 from deads2k/rbac-36-beta 
Automatic merge from submit-queue (batch tested with PRs 39625, 39842)

Add RBAC v1beta1

Add `rbac.authorization.k8s.io/v1beta1`.  This scrubs `v1alpha1` to remove cruft, then add `v1beta1`.  We'll update other bits of infrastructure to code to `v1beta1` as a separate step.

```release-note
The `attributeRestrictions` field has been removed from the PolicyRule type in the rbac.authorization.k8s.io/v1alpha1 API. The field was not used by the RBAC authorizer.
```

@kubernetes/sig-auth-misc @liggitt @erictune
 2017-01-18 10:19:11 -08:00
deads2k e74efe41a0 add rbac v1beta1 2017-01-18 09:49:33 -05:00
deads2k 4f915039e4 move pkg/client/transport to client-go 2017-01-18 07:56:01 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
deads2k f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
Timothy St. Clair fbc5323dad Refactor registry to use store vs. etcd 2017-01-12 09:23:38 -06:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jordan Liggitt a2670d3b9d
Allow rolebinding/clusterrolebinding with explicit bind permission check 2017-01-10 14:34:33 -05:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Jordan Liggitt 742ef34484
Convert user/group * to match authenticated users only in ABAC 2016-12-19 13:41:35 -05:00