mirror of https://github.com/k3s-io/k3s
7d5dc528a0
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. ScaleIO - Ability to specify Secret's name and namespace **What this PR does / why we need it**: This PR is to decouple the ScaleIO secret from the same namespace as that of the StorageClass/PVC/PV that uses it (#53619). Currently, authorized non-admin k8s user, who creates volumes, may end up having unauthorized access to ScaleIO secret information. This PR introduces secret parameter that allows specification of secret's namespace. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53619 **Release note**: ```release-note ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the `secretNamespace` storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value `default` ``` |
||
|---|---|---|
| .. | ||
| endpoints | ||
| helper | ||
| node | ||
| pod | ||
| resource | ||
| service | ||
| validation | ||
| BUILD | ||
| OWNERS | ||
| conversion.go | ||
| conversion_test.go | ||
| defaults.go | ||
| defaults_test.go | ||
| doc.go | ||
| register.go | ||
| zz_generated.conversion.go | ||
| zz_generated.defaults.go | ||