Commit Graph

507 Commits (8574e3e3f4d14125014d22d9311ac1765863fcb6)

Author SHA1 Message Date
Guoliang Wang 128fd8843d Move cloud-specific roles out of RBAC bootstrap 2019-04-02 19:17:53 +08:00
Kubernetes Prow Robot 531dbd409f
Merge pull request #75445 from shinytang6/enhance/fmt
Replace all time.Now().Sub with time.Since
2019-03-26 13:55:17 -07:00
WanLinghao 244b244f9d Migrate the controller to use TokenRequest and rotate token periodically 2019-03-25 14:54:22 +08:00
shinytang6 5c9f4d9dc6 replace time.Now().Sub with time.Since 2019-03-21 18:02:55 +08:00
Tim Allclair 0604256d6c Update tests for RuntimeClass beta 2019-03-08 13:21:52 -08:00
David Zhu 41b3579345 Address review comments 2019-03-07 17:17:09 -08:00
David Zhu 7d2f4e97b8 Add ADC Fallback if Node doesn't have driver installed 2019-03-07 14:47:38 -08:00
Kubernetes Prow Robot 6c31101257
Merge pull request #74283 from xing-yang/csi_crd_controller
CSINodeInfo and CSIDriver Controller Changes
2019-03-05 04:44:42 -08:00
Kubernetes Prow Robot 02bd34e7b0
Merge pull request #74531 from liggitt/ingress-rbac
Update RBAC roles for networking.k8s.io ingresses
2019-03-05 00:48:01 -08:00
Xing Yang 85867e5625 Modify node admission and node authorizer 2019-03-04 16:42:12 -08:00
Kubernetes Prow Robot f16035600a
Merge pull request #73807 from dekkagaijin/discovery-hardening
harden the default RBAC discovery clusterrolebindings
2019-03-01 21:49:30 -08:00
Jake Sanders 9c7d31928d harden the default RBAC discovery clusterrolebindings 2019-03-01 18:45:05 -08:00
Andrew Kim 01933b02a3 replace usage of v1beta1 VolumeAttachments with v1 2019-02-27 15:42:12 -05:00
Jordan Liggitt 85165b40fa Update RBAC roles for networking.k8s.io ingresses 2019-02-25 11:40:44 -05:00
Kubernetes Prow Robot 834c9a5e3d
Merge pull request #72491 from liggitt/delegated-auth-permissions
Ensure controller manager and scheduler can perform delegated auth checks
2019-02-08 11:53:52 -08:00
Jordan Liggitt 4212a9a05a Ensure controller manager and scheduler can perform delegated auth checks 2019-02-08 11:15:52 -05:00
Roy Lenferink b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Jordan Liggitt 52519ecb1c remove deprecated openapi paths in favor of /openapi/v2 2019-01-21 16:33:41 -05:00
Jordan Liggitt 9229399bd6 Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config 2019-01-15 13:33:06 -05:00
Jordan Liggitt 73dcfe12da Stop checking VolumeScheduling feature gate 2018-12-27 17:45:45 -05:00
wojtekt 546ece7b2c Promote NodeLease to Beta and enable by default 2018-12-17 10:19:22 +01:00
k8s-ci-robot 5289fab2f6
Merge pull request #71396 from liggitt/forbidden-messages
Improve node authorizer and noderestriction forbidden messages
2018-11-30 00:04:46 -08:00
WanLinghao 0bab5ee5ad Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate.
But its corresponding bootstrap RBAC policy was shadowed by TokenRequest feature gate.
This patch fixes it.
2018-11-27 11:44:35 +08:00
Jordan Liggitt 16e355791f Improve node authorizer and noderestriction forbidden messages 2018-11-24 09:31:10 -05:00
Jordan Liggitt 8d7cc39031 Remove self-deletion permissions from kubelets 2018-11-14 00:42:06 -05:00
k8s-ci-robot 94c5953904
Merge pull request #70699 from liggitt/controllerrevisions
Include read access to controllerrevisions for admin/edit/view roles
2018-11-11 21:17:39 -08:00
Davanum Srinivas 954996e231
Move from glog to klog
- Move from the old github.com/golang/glog to k8s.io/klog
- klog has explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
2018-11-10 07:50:31 -05:00
k8s-ci-robot f212b9db23
Merge pull request #70598 from dims/switch-from-sigs.k8s.io/yaml-to-ghodss/yaml
Switch to sigs.k8s.io/yaml from ghodss/yaml
2018-11-08 10:57:36 -08:00
k8s-ci-robot 3f5db92840
Merge pull request #68812 from WanLinghao/token_projection_ca_secret_create
Create Ca-certificate configmap used by token projected volume
2018-11-08 10:57:25 -08:00
WanLinghao efac533f92 To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace.
This patch adds a controller called "root-ca-cert-publisher" to complete the above job as well as some bootstrap rbac policies.
2018-11-08 11:33:47 +08:00
Davanum Srinivas 43f523d405
Switch to sigs.k8s.io/yaml from ghodss/yaml
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31
2018-11-07 13:17:32 -05:00
Jordan Liggitt 001627000f Include read access to controllerrevisions for admin/edit/view roles 2018-11-06 10:23:39 -05:00
Jordan Liggitt 4cbdc98df3 node-isolation approvers/reviewers 2018-11-06 00:57:39 -05:00
Jordan Liggitt 9ae79f9653 authorizers subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Jordan Liggitt 4fa2a0cc8a authenticators subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Samuel Davidson 3558f83957 Revert "Improve multi-authorizer errors"
This reverts commit 1c012f1c49.
2018-10-29 11:05:45 -07:00
zuoxiu.jm e3b61ea9cf switch informer in token authn 2018-10-24 15:46:55 +08:00
Mike Danese e5227216c0 rebase authenticators onto new interface. 2018-10-22 10:16:59 -07:00
Eric Chiang 766f5875bf Remove ericchiang from OWNERS files
Kept myself in the OpenID Connect ones for now.
2018-10-11 18:11:15 -07:00
Yu Liao fc21115c3f Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s.io/cluster-bootstrap 2018-10-02 09:46:13 -07:00
Dalton Hubble dfc3c83e64 Add configmap get to system:kube-controller-manager
* v1.12.x kube-controller-manager tries to get the
extension-apiserver-authentication ConfigMap by default
2018-09-26 22:03:27 +02:00
Cheng Xing 4ca39ef0ed Consolidated CSIDriver logic under CSIDriverRegistry flag 2018-09-10 13:34:40 -07:00
Cheng Xing 94d649b590 Rearranged feature flags 2018-09-07 17:45:27 -07:00
Cheng Xing becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00
Jan Safranek dc6be0cbf1 Add new RBAC rules for CSIDriver
Nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
2018-09-05 21:01:32 -04:00
Jan Safranek 4e7eca7b31 Add new RBAC rules for CSIDriver
A/D controller and nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
2018-09-05 10:15:43 -04:00
Janet Kuo 5186807587 Add TTL GC controller 2018-09-04 13:11:18 -07:00
Tim Allclair 0c59d4db32 Add RuntimeClass read permission for nodes 2018-08-31 18:22:13 -07:00
Kubernetes Submit Queue c081c024c7
Merge pull request #67349 from mikedanese/trbeta
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.

promote TokenRequest and projection to beta in 1.12

```release-note
TokenRequest and TokenRequestProjection are now beta features. To enable these features, the API server needs to be started with the following flags:
* --service-account-issuer
* --service-account-signing-key-file
* --service-account-api-audiences
```
2018-08-30 20:09:42 -07:00
lichuqiang 4c43d626f2 related test update 2018-08-29 10:30:16 +08:00