mirror of https://github.com/k3s-io/k3s
1f4e2efc5b
Automatic merge from submit-queue (batch tested with PRs 41357, 41178, 41280, 41184, 41278) Switch RBAC subject apiVersion to apiGroup in v1beta1 Referencing a subject from an RBAC role binding, the API group and kind of the subject is needed to fully-qualify the reference. The version is not, and adds complexity around re-writing the reference when returning the binding from different versions of the API, and when reconciling subjects. This PR: * v1beta1: change the subject `apiVersion` field to `apiGroup` (to match roleRef) * v1alpha1: convert apiVersion to apiGroup for backwards compatibility * all versions: add defaulting for the three allowed subject kinds * all versions: add validation to the field so we can count on the data in etcd being good until we decide to relax the apiGroup restriction ```release-note RBAC `v1beta1` RoleBinding/ClusterRoleBinding subjects changed `apiVersion` to `apiGroup` to fully-qualify a subject. ServiceAccount subjects default to an apiGroup of `""`, User and Group subjects default to an apiGroup of `"rbac.authorization.k8s.io"`. ``` @deads2k @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-pr-reviews |
||
|---|---|---|
| .. | ||
| apps/v1beta1 | ||
| authentication.k8s.io | ||
| authorization.k8s.io | ||
| autoscaling | ||
| batch | ||
| certificates.k8s.io/v1beta1 | ||
| extensions/v1beta1 | ||
| policy/v1beta1 | ||
| rbac.authorization.k8s.io | ||
| storage.k8s.io/v1beta1 | ||
| v1 | ||
| README.md | ||
| labels-annotations-taints.md | ||
README.md
API Reference
Use the following reference docs to understand the kubernetes REST API for various API group versions:
- v1: operations, model definitions
- extensions/v1beta1: operations, model definitions
- batch/v1: operations, model definitions
- autoscaling/v1: operations, model definitions