github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
76,501 Commits
31 Branches
881 Tags
634 MiB
Commit Graph

41 Commits (1ba3e9873359f4ae34522f350e35f8d9e13b96e6)

Author SHA1 Message Date
Mehdy Bohlool d08bc3774d Mechanical changes due to signature change for Admit and Validate functions 2019-02-16 13:28:47 -08:00
Jordan Liggitt 17aa60686e Deprecate and remove use of alpha metadata.initializers field, remove IncludeUninitialized options 2019-01-23 16:34:43 -05:00
Mike Danese 1244ee6651 migrate service account volume to a projected volume 
When BoundServiceAccountTokenVolume feature is enabled.
 2018-11-16 19:32:44 +00:00
yue9944882 17306b540b externalize serviceaacount admission controller 
remove unused internal serviceaccount util
 2018-08-22 11:41:54 +08:00
jennybuckley adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Mike Danese 91feb345aa implement service account token projection 2018-06-04 17:22:08 -07:00
Joe Betz 9d13d1baec Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 2017-11-14 10:46:43 -08:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Chao Xu bf6155b08c make admission plugins handle mutating spec of uninitialized pods 2017-08-17 12:51:09 -07:00
Andy Goldstein 9f95cf7b4f serviceaccount admission: return correct tokens 
Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
 2017-04-05 12:59:04 -04:00
deads2k d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Eric Chiang 2bdaac5594 plugin/pkg/admission/serviceaccount: prefer first referenced secret 
When a pod uses a service account that references multiple secrets,
prefer the secrets in the order they're listed.

Without this change, the added test fails:

    --- FAIL: TestMultipleReferencedSecrets (0.00s)
            admission_test.go:832: expected first referenced secret to be mounted, got "token2"
 2017-01-25 10:42:39 -08:00
deads2k 01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k 77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k 2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jordan Liggitt 29252acd1a Change rest storage Update interface to retrieve updated object 
Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing
 2016-05-23 21:09:26 -04:00
k8s-merge-robot 009ae748a5 Merge pull request #25830 from smarterclayton/init_container_psp 
Automatic merge from submit-queue

Add init containers to PSP admission

Treat them just like regular containers.

@pweil-
 2016-05-21 16:01:13 -07:00
Clayton Coleman 88b39cadf8
Have the service account controller force retry 
Service account controller, when API token not found, now sends 500 with
Retry-After: 1s. Also change the apiserver to actually write the error.
 2016-05-19 09:08:57 -04:00
Clayton Coleman 588f15844b
Add init container support to other admission controllers 2016-05-18 22:32:25 -04:00
deads2k 0061479890 fully qualify admission resources and kinds 2016-04-26 07:55:33 -04:00
deads2k 9d22f8b5a7 prevent disallowed secret refs from leaking via the downward API 2016-03-11 13:27:50 -05:00
Chao Xu ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
deads2k 3f045cf168 udpate admission for API groups 2015-12-07 08:55:01 -05:00
deads2k 7ae4d4f424 allow enforcing SA mountable secrets per SA 2015-12-03 13:53:01 -05:00
Yu-Ju Hong 098ab05997 kubelet: move common types to kubelet/types 
This would faciliate tasks such as moving code in pkg/kubelet to sub packages.
 2015-10-08 14:38:01 -07:00
Kris Rousey ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt ecebac9395 Add option to require API tokens to exist in admission 2015-06-30 16:12:45 -04:00
derekwaynecarr f6fb72ec51 Admission control attributes has access to resource name 2015-06-23 13:54:55 -04:00
Jeff Lowdermilk 0c7fbacfb1 Merge pull request #10052 from derekwaynecarr/admission_subresources 
Admission control exposes subresource
 2015-06-22 13:11:58 -07:00
Jordan Liggitt 68a8a25494 Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1 2015-06-18 22:38:00 -04:00
derekwaynecarr fce7adf3e7 Admission control exposes subresource 2015-06-18 15:00:46 -04:00
deads2k 590bd048a5 add pull secrets to service accounts 2015-05-22 14:05:19 -04:00
Cesar Wong 68ad63b5e2 Add operation checking to admission control handlers 
Adds a new method to the handler interface that returns true only if the
admission control handler handles that operation.
 2015-05-21 13:51:43 -04:00
Paul Weil aaeb1dad93 expose user info to admission controllers 2015-05-13 21:31:51 -04:00
Jordan Liggitt 7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00