github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
72,052 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

71 Commits (498cd61f41e31b52f4efb0f14703b954e1a62c1d)

Author SHA1 Message Date
Mike Danese bcd492e86e use more specific authenticator.Audiences type in TokenRequest registry 2018-10-23 00:16:17 -07:00
Antoine Pelisse 03b1e14101 dry-run: Create new options for Update/Create and pass it along 2018-07-12 07:18:37 -07:00
Kubernetes Submit Queue 2da49321e6
Merge pull request #63653 from WanLinghao/token_expiry_limit 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add limit to the TokenRequest expiration time

**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #63575

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-06-27 00:31:08 -07:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
WanLinghao f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
Mike Danese dc9e3f1b3e svcacct: validate min and max expiration seconds on TokenRequest 2018-05-30 17:32:49 -07:00
Mike Danese f39ec8b333 add myself as an approver in various auth related directories 
matching the subprojects I work on:

https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
 2018-05-17 11:32:37 -07:00
Cao Shufeng 5eefd7d012 not expose object detail when creating TokenRequest 2018-05-02 11:01:02 +08:00
David Eads 8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
David Eads 6900f8856f rest mappings cannot logically be object converters 2018-04-26 12:47:25 -04:00
Mike Danese 54fd2aaefd replace request.Context with context.Context 2018-04-24 08:59:00 -07:00
Cao Shufeng da788a1a06 fix error message of TokenRequest 2018-04-18 16:59:16 +08:00
Maciej Szulik 5630d29552
Add missing table converters for server side printing 2018-02-28 17:27:45 +01:00
Mike Danese 024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Mike Danese 1fbf8b8f2a svcacct: move getters to use an external clientset 2018-02-27 17:20:46 -08:00
Mike Danese b2ceeedd67 tokenrequest: tokens bound to pods running as other svcaccts 2018-02-24 22:18:24 -08:00
Mike Danese 8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski d4d53c0e2a apiserver: remove unneeded scheme from registry tester 2017-11-20 09:39:44 +01:00
Dr. Stefan Schimanski 0b100cb69b registry: move generic registry tester into k8s.io/apiserver 2017-11-16 09:03:42 +01:00
Dr. Stefan Schimanski 3410f536f4 registry: cut-off kube dependencies from registrytest 2017-11-16 08:57:58 +01:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Dr. Stefan Schimanski cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski 7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Dr. Stefan Schimanski 509df603b1 apimachinery: mechanical removal of ObjectCopier plumbing 2017-10-06 19:21:03 +02:00
Clayton Coleman fc2d201e15
Allow watch cache to be disabled per type 
Currently setting watch cache size for a given resource does not disable
the watch cache. This commit adds a new `default-watch-cache-size` flag
to map to the existing field, and refactors how watch cache sizes are
calculated to bring all of the code into one place. It also adds debug
logging to startup to allow us to verify watch cache enablement in
production.
 2017-09-08 13:42:28 -04:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
deads2k ec397c4374 convert default predicates to use the default 2017-08-07 09:05:17 -04:00
Shiyang Wang 2eda19da7b Fix NotFound errors do not line up with API endpoint's group version 2017-08-07 16:30:40 +08:00
Clayton Coleman 2568a92119
Grow signature for predicate attributes to include init status 2017-06-02 22:09:04 -04:00
Monis Khan ed35deb69d
Default ObjectNameFunc for all REST Stores 
All Stores in Kubernetes follow the same logic for determining the name
of an object.  This change makes it so that CompleteWithOptions defaults
the ObjectNameFunc if it is not specified.  Thus a user does not need to
remember to use ObjectMeta.Name.  Using the wrong field as the name can
lead to an object which has a name that bypasses normal object name
validation.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-04-21 15:47:25 -04:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
nikhiljindal 1d32897eed Updating the registry to return whether the resource was immediately deleted 2017-02-21 11:00:35 -08:00
p0lyn0mial b2cce0ac8e added short names for resources which are exposed during discovery 2017-02-06 23:35:07 +01:00
Dr. Stefan Schimanski 6af3210d6f Update generated files 2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Dr. Stefan Schimanski 80b96b441b Mechanical import fixup: pkg/storage 2017-02-03 07:33:43 +01:00
Dr. Stefan Schimanski de2eee391a Update bazel 2017-02-02 15:19:04 +01:00
Dr. Stefan Schimanski b8142896a7 pkg/genericapiserver: cut off pkg/registry/cachesize dependency 2017-02-02 15:19:03 +01:00
deads2k 1ef5d26079 move pkg/storage to apiserver 2017-01-31 19:07:33 -05:00
deads2k 9fb37f3bba remove storage dependency on api 2017-01-27 14:02:28 -05:00
Clayton Coleman 469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
Clayton Coleman a35be4e02e
Update registries to use metainternalversion list options 2017-01-23 17:52:45 -05:00
deads2k 11e8068d3f move pkg/fields to apimachinery 2017-01-19 09:50:16 -05:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00