github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
74,066 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

99 Commits (6af7d2cb1a2dd0d9ab7c3c9f2d9650959e4533d4)

Author SHA1 Message Date
Jordan Liggitt 1a15d80967 generated 2019-01-23 16:34:44 -05:00
Jordan Liggitt 17aa60686e Deprecate and remove use of alpha metadata.initializers field, remove IncludeUninitialized options 2019-01-23 16:34:43 -05:00
Mike Danese 1244ee6651 migrate service account volume to a projected volume 
When BoundServiceAccountTokenVolume feature is enabled.
 2018-11-16 19:32:44 +00:00
Jordan Liggitt 360a890c58 serviceaccount subproject approvers/reviewers 2018-11-06 00:57:39 -05:00
yue9944882 17306b540b externalize serviceaacount admission controller 
remove unused internal serviceaccount util
 2018-08-22 11:41:54 +08:00
jennybuckley adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Jeff Grafton 23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Mike Danese 91feb345aa implement service account token projection 2018-06-04 17:22:08 -07:00
Mike Danese f39ec8b333 add myself as an approver in various auth related directories 
matching the subprojects I work on:

https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
 2018-05-17 11:32:37 -07:00
Jeff Grafton ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Joe Betz 9d13d1baec Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 2017-11-14 10:46:43 -08:00
Kubernetes Submit Queue c2a5a79ed6
Merge pull request #55252 from deads2k/admission-15-save-SA 
Automatic merge from submit-queue (batch tested with PRs 53651, 55252). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

split serviceaccount admission into mutation and validation

Splits the SA admission plugin into mutation and validation halves.

I had some trouble with e2e tests before, so this got split out of another pull.
 2017-11-09 06:18:11 -08:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
David Eads d701834c80 split serviceaccount admission into mutation and validation 2017-11-07 12:12:28 -05:00
Dr. Stefan Schimanski aedcf681b3 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 2017-11-02 09:29:55 +01:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Kubernetes Submit Queue afabd09889 Merge pull request #50876 from enj/enj/f/owners_reviewer 
Automatic merge from submit-queue

Add enj as reviewer to OWNERS

Adding myself as a reviewer for the following areas:

- API
- auth
- registry
- storage (etcd)

Signed-off-by: Monis Khan <mkhan@redhat.com>

**Release note**:

```release-note
NONE
```

@kubernetes/sig-api-machinery-pr-reviews
@kubernetes/sig-auth-pr-reviews
 2017-08-18 05:42:07 -07:00
Monis Khan dd06794bc2
Add enj as reviewer to OWNERS 
Adding myself as a reviewer for the following areas:

- API
- auth
- registry
- storage (etcd)

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-17 20:42:46 -04:00
Chao Xu bf6155b08c make admission plugins handle mutating spec of uninitialized pods 2017-08-17 12:51:09 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
p0lyn0mial c5019bf696 remove init blocks from all admission plugins 2017-05-23 22:00:32 +02:00
p0lyn0mial 3f8d6e9210 Change all the existing admission init blocks to call a Register function 
this is a two stage refactor when done there will be no init block in admission plugins.
Instead all plugins expose Register function which accept admission.Plugins instance.
The registration to global plugin registry happens inside Register func.
 2017-05-18 22:25:01 +02:00
Jordan Liggitt cd3a1187a1
Require nodeName for mirror pods, make mirror pod annotation immutable 2017-05-13 22:34:41 -04:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski 63f547e1b1 pkg/admission: make plugin registry non-global 2017-04-12 11:37:25 +02:00
Andy Goldstein 9f95cf7b4f serviceaccount admission: return correct tokens 
Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
 2017-04-05 12:59:04 -04:00
deads2k d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Kubernetes Submit Queue 2eef3b1a14 Merge pull request #41957 from liggitt/mirror-pod-secrets 
Automatic merge from submit-queue (batch tested with PRs 41814, 41922, 41957, 41406, 41077)

Use consistent helper for getting secret names from pod

Kubelet secret-manager and mirror-pod admission both need to know what secrets a pod spec references. Eventually, a node authorizer will also need to know the list of secrets.

This creates a single (well, double, because api versions) helper that can be used to traverse the secret names referenced from a pod, optionally short-circuiting (for places that are just looking to see if any secrets are referenced, like admission, or are looking for a particular secret ref, like authorization)

Fixes:
* secret manager not handling secrets used by env/envFrom in initcontainers
* admission allowing mirror pods with secret references

@smarterclayton @wojtek-t
 2017-02-26 10:22:51 -08:00
Andy Goldstein 022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Jordan Liggitt a5526304bc
Use consistent helper for getting secret names from pod 2017-02-23 00:40:17 -05:00
Jordan Liggitt 0d6e877de2
Add automountServiceAccountToken field to PodSpec and ServiceAccount types 2017-02-15 16:04:09 -05:00
Kubernetes Submit Queue e9819106e0 Merge pull request #40467 from liggitt/serviceaccount-owners 
Automatic merge from submit-queue

Add serviceaccount owners files

Poor @derekwaynecarr is the sole approver/reviewer for the entire admission package.

This adds OWNERS files for service account controller and admission packages
 2017-01-25 15:07:59 -08:00
Jordan Liggitt ecb632abc4
Add serviceaccount owners files 2017-01-25 15:42:15 -05:00
Eric Chiang 2bdaac5594 plugin/pkg/admission/serviceaccount: prefer first referenced secret 
When a pod uses a service account that references multiple secrets,
prefer the secrets in the order they're listed.

Without this change, the added test fails:

    --- FAIL: TestMultipleReferencedSecrets (0.00s)
            admission_test.go:832: expected first referenced secret to be mounted, got "token2"
 2017-01-25 10:42:39 -08:00
deads2k b0b156b381 make tools/cache authoritative 2017-01-25 08:29:45 -05:00
Clayton Coleman 469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k 11e8068d3f move pkg/fields to apimachinery 2017-01-19 09:50:16 -05:00
deads2k 01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k a3e71b2cef move name generation to generic api server storage helpers 2017-01-16 16:04:04 -05:00
deads2k 77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k 2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Wojciech Tyczynski aa7da5231f Update bazel files 2016-12-09 09:42:02 +01:00