github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
71,985 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

37 Commits (67bbf753cbf5939f03e083adeb55f598f407463f)

Author SHA1 Message Date
k8s-ci-robot 0aba557741
Merge pull request #70600 from liggitt/sig-auth-subprojects 
Add owners/approvers aliases for sig-auth subprojects
 2018-11-06 17:55:07 -08:00
Jordan Liggitt 9ae79f9653 authorizers subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
walter 2af982abb9 Fixes lint errors in kubeapiserver packages 
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
 2018-11-04 17:22:41 -08:00
yue9944882 f624a4efb8 externalize node admission 
fixes internal pod annotation reference

completely strip internal informers from authz initialization
 2018-08-21 23:33:03 +08:00
yue9944882 e7d0983707 externalize pv informer in node authorizer 2018-08-17 11:14:43 +08:00
yue9944882 bc1fb1f7e8 node authz/ad externalization 2018-08-09 10:57:30 +08:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
David Eads 092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
Michael Taufen ab8dc12333 node authorizer sets up access rules for dynamic config 
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.

I also added some validation to the node strategy, which I discovered we
were missing while writing this.
 2018-03-27 08:49:45 -07:00
hzxuzhonghu 755df0461d validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-26 20:37:02 +08:00
Kubernetes Submit Queue 88cfcb45ec
Merge pull request #55856 from miaoyq/replace-for-with-sets 
Automatic merge from submit-queue (batch tested with PRs 53689, 56880, 55856, 59289, 60249). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use `sets` instead of `for` statement in "IsValidAuthorizationMode"

**What this PR does / why we need it**:
Use `sets` instead of `for` statement in "IsValidAuthorizationMode", that will make the code more clearly and concisely.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
none
```
 2018-02-28 00:00:32 -08:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
NickrenREN 7b9d2c046f Use v1beta1 VolumeAttachment 2018-01-31 18:46:11 +08:00
Jordan Liggitt ecfd18e2a6
Add get volumeattachments support to Node authorizer 2018-01-17 00:00:18 -05:00
Jordan Liggitt ba09fadecf
Plumb versioned informers to authz config 2018-01-16 23:30:53 -05:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Yanqiang Miao 96e2610a55 Use `sets` instead of `for` statement in "IsValidAuthorizationMode" 2017-11-16 15:41:49 +08:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
xilabao f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Monis Khan 8e7893e541
Refactor RBAC authorizer entry points 
This change refactors various RBAC authorizer functions to be more
flexible in their inputs.  This makes it easier to reuse the various
components that make up the authorizer.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-16 11:43:39 -04:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jordan Liggitt d65610bf2f
Remove default binding of system:node role to system:nodes group 2017-07-26 13:53:14 -04:00
Kubernetes Submit Queue 77a8c25839 Merge pull request #46212 from CaoShuFeng/RBACSuperUser 
Automatic merge from submit-queue (batch tested with PRs 46394, 46650, 46436, 46673, 46212)

Remove deprecated variable RBACSuperUser

authorization-rbac-super-user is deprecated now. So we can remove
the vaiable. Further more the comment about this variable is wrong.
Remove them also.

**Release note**:
```NONE
```
 2017-05-31 00:14:11 -07:00
Jordan Liggitt fc8e915a4b
Add Node authorization mode based on graph of node-related objects 2017-05-30 16:53:03 -04:00
Cao Shufeng b5e6859d92 Remove deprecated variable RBACSuperUser 
authorization-rbac-super-user is deprecated now. So we can remove
the vaiable. Further more the comment about this variable is wrong.
Remove them also.
 2017-05-22 19:10:32 +08:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Lucas Käldström ab344da565
Move the authorization mode constants into a separate package 2017-02-23 15:27:16 +02:00
deads2k 0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski 2b8e938128 Update generated files 2017-01-24 20:56:03 +01:00
Dr. Stefan Schimanski 4beba154b4 genericapiserver: move authz webhook plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
deads2k a3564c0aa8 start kubeapiserver package for sharing between kubeapiserver and federation 2016-12-22 07:43:42 -05:00