mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Graduate ServiceAccountIssuerDiscovery to beta
This commit is contained in:
parent
0fd10997df
commit
4f850f97de
@ -230,6 +230,7 @@ const (
|
|||||||
|
|
||||||
// owner: @mtaufen
|
// owner: @mtaufen
|
||||||
// alpha: v1.18
|
// alpha: v1.18
|
||||||
|
// beta: v1.20
|
||||||
//
|
//
|
||||||
// Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service
|
// Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service
|
||||||
// account issuer in the API server.
|
// account issuer in the API server.
|
||||||
@ -682,7 +683,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
|||||||
TokenRequest: {Default: true, PreRelease: featuregate.Beta},
|
TokenRequest: {Default: true, PreRelease: featuregate.Beta},
|
||||||
TokenRequestProjection: {Default: true, PreRelease: featuregate.Beta},
|
TokenRequestProjection: {Default: true, PreRelease: featuregate.Beta},
|
||||||
BoundServiceAccountTokenVolume: {Default: false, PreRelease: featuregate.Alpha},
|
BoundServiceAccountTokenVolume: {Default: false, PreRelease: featuregate.Alpha},
|
||||||
ServiceAccountIssuerDiscovery: {Default: false, PreRelease: featuregate.Alpha},
|
ServiceAccountIssuerDiscovery: {Default: true, PreRelease: featuregate.Beta},
|
||||||
CRIContainerLogRotation: {Default: true, PreRelease: featuregate.Beta},
|
CRIContainerLogRotation: {Default: true, PreRelease: featuregate.Beta},
|
||||||
CSIMigration: {Default: true, PreRelease: featuregate.Beta},
|
CSIMigration: {Default: true, PreRelease: featuregate.Beta},
|
||||||
CSIMigrationGCE: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires GCE PD CSI Driver)
|
CSIMigrationGCE: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires GCE PD CSI Driver)
|
||||||
|
@ -169,6 +169,23 @@ items:
|
|||||||
- apiGroup: rbac.authorization.k8s.io
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
kind: Group
|
kind: Group
|
||||||
name: system:unauthenticated
|
name: system:unauthenticated
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
||||||
|
creationTimestamp: null
|
||||||
|
labels:
|
||||||
|
kubernetes.io/bootstrapping: rbac-defaults
|
||||||
|
name: system:service-account-issuer-discovery
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:service-account-issuer-discovery
|
||||||
|
subjects:
|
||||||
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Group
|
||||||
|
name: system:serviceaccounts
|
||||||
- apiVersion: rbac.authorization.k8s.io/v1
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1220,6 +1220,21 @@ items:
|
|||||||
- /version/
|
- /version/
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
rbac.authorization.kubernetes.io/autoupdate: "true"
|
||||||
|
creationTimestamp: null
|
||||||
|
labels:
|
||||||
|
kubernetes.io/bootstrapping: rbac-defaults
|
||||||
|
name: system:service-account-issuer-discovery
|
||||||
|
rules:
|
||||||
|
- nonResourceURLs:
|
||||||
|
- /.well-known/openid-configuration
|
||||||
|
- /openid/v1/jwks
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
- apiVersion: rbac.authorization.k8s.io/v1
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
|
Loading…
Reference in New Issue
Block a user