github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
73,212 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

15 Commits (451261f8c23fdbe527601557c9ef5404be4624c8)

Author SHA1 Message Date
Jordan Liggitt a9dc919f82 Look up service accounts from informer before trying live lookup 2018-12-06 16:48:39 -05:00
k8s-ci-robot 9c304cf0cb
Merge pull request #70157 from mikedanese/trev1 
retrofit svcacct token authenticator to support audience validation
 2018-11-14 13:16:44 -08:00
Mike Danese 67bbf753cb retrofit svcacct token authenticator to support audience validation 2018-11-13 20:38:41 -08:00
Mike Danese 06935e1c90 split TokenRequest initialization out of run and into complete and validate 2018-11-13 17:27:13 -08:00
Mike Danese 371b1e7fed promote --service-account-api-audiences to top level kube-apiserver config 
The service account authenticator isn't the only authenticator that
should respect API audience. The authentication config structure should
reflect that.
 2018-10-22 18:21:37 -07:00
Mike Danese 43eaeb8c6c svcacct: pass pod information in user.Info.Extra() when available 
Fixes https://github.com/kubernetes/kubernetes/issues/59670
 2018-08-31 11:54:50 -07:00
Mike Danese e68f14a249 jwt: support opaque signer and push errors to token generator creation 2018-08-23 12:21:56 -07:00
Chao Wang 39a4730db6 remove duplicated import 2018-08-01 13:27:42 +08:00
WanLinghao f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
Mike Danese dc9e3f1b3e svcacct: validate min and max expiration seconds on TokenRequest 2018-05-30 17:32:49 -07:00
WanLinghao 198b9e482c fix a error in serviceaccount validate. 
This error is a human-writing error.
	Small as it is, it could cause recreate Object validate
	through bug.
	This patch fix it.
 2018-04-24 14:48:37 +08:00
Mike Danese 024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Mike Danese b2ceeedd67 tokenrequest: tokens bound to pods running as other svcaccts 2018-02-24 22:18:24 -08:00
Mike Danese 32bf28daed integration: refactor, cleanup, and add more tests for TokenRequest 2018-02-23 14:59:35 -08:00
Mike Danese 8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00