github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 09:52:49 +00:00
Code Issues Projects Releases Wiki Activity
115,151 Commits 42 Branches 7,874 Tags 1.3 GiB
master
Commit Graph

245 Commits

Author SHA1 Message Date
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Max Goltzsche
df8fa2eab5
bump go-jose to v2.6.0 
Update go-jose from v2.2.2 to v2.6.0.
This is to make the kubernetes code compatible with newer go-jose versions that have a small breaking change (`jwt.NewNumericDate()` returns a pointer).

Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
 2023-03-02 02:53:17 +01:00
Alexander Zielenski
9ef1fc543f skip special features in TestPodSecurityGAOnly 
was causing some alpha/beta features to be disabled after running sometimes
 2023-02-28 13:21:35 -08:00
TommyStarK
9e885bce35 test/integration: Replace deprecated pointer function 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-05 18:38:40 +01:00
Mengjiao Liu
a3d00c15b6 Remove ExpandPersistentVolumes feature gate 2022-12-15 11:43:50 +08:00
Mark Rossetti
498d065cc5
Promoting WindowsHostProcessContainers to stable 
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2022-11-01 14:06:25 -07:00
Kubernetes Prow Robot
525280d285
Merge pull request #112643 from SergeyKanzhelev/removeDynamicKubeletConfig 
remove DynamicKubeletConfig feature gate from the code
 2022-10-12 01:33:00 -07:00
Wojciech Tyczyński
57c95fbfa1 Lock ServerSideApply feature to true 2022-09-27 13:48:28 +02:00
Sergey Kanzhelev
39e49a91d7 remove DynamicKubeletConfig feature gate from the code 2022-09-23 23:14:19 +00:00
Jordan Liggitt
e5c4c9b2c0
Make auth integation tests coexist with default API server config 2022-09-21 12:42:49 -04:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-09-14 18:00:26 +02:00
Wojciech Tyczyński
ab1038f0e0 Clean shutdown of auth integration tests 2022-07-19 11:34:02 +02:00
Wojciech Tyczyński
690d2f0101 Clean(er) shutdown of auth integration tests 2022-07-14 11:25:57 +02:00
Kubernetes Prow Robot
4b024fc4ee
Merge pull request #110459 from wangyysde/promote-pod-security-to-ga 
PodSecurity: promote config and feature gate to GA
 2022-06-15 14:41:22 -07:00
wangyysde
ab66a38194 PodSecurity: promote config and feature gate to GA 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2022-06-15 09:29:47 +08:00
Wojciech Tyczyński
ed442cc3dd Clean(er) shutdown of auth integration tests 2022-06-14 13:55:31 +02:00
Wojciech Tyczyński
8ef7dd49ee Clean shutdown of auth integration tests 2022-06-10 19:46:50 +02:00
Wojciech Tyczyński
6f706775bc Clean shutdown of test apiserver 2022-05-26 10:42:48 +02:00
Wojciech Tyczyński
deef9e40de Simplify Create/Delete-TestingNamespace functions 2022-05-15 23:06:26 +02:00
Wojciech Tyczyński
04b77f02ee Minor cleanup to use t.Run() in test/integration 2022-05-02 21:13:32 +02:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Monis Khan
fef7d0ef1e
webhook: use rest.Config instead of kubeconfig file as input 
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-17 20:47:42 -04:00
Jordan Liggitt
92422a7305 set/validate object namespace before admission 2022-02-23 11:12:27 -05:00
Jordan Liggitt
19d71bb5d5 Validate and populate metadata fields in token request 2022-02-09 14:05:53 -05:00
ahrtr
fe95aa614c io/ioutil has already been deprecated in golang 1.16, so replace all ioutil with io and os 2022-02-03 05:32:12 +08:00
Jyoti Mahapatra
a1b52fb17a
extend sa token if audience is apiserver (#105954) 
Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
 2022-01-31 16:01:52 -08:00
Jeffrey Ying
ecb9b620fe
Revert "Populate OpenAPI in all integration tests" 2022-01-26 13:30:03 -05:00
Jefftree
eb8f6fe0f9 Populate OpenAPI in all integration tests 2022-01-25 14:16:31 -08:00
Jordan Liggitt
57e0c5969b Fix integration test authenticators to include AllAuthenticated group 2022-01-19 13:21:05 -05:00
jlsong01
3006aa534b fix flake on TestQuotaLimitService 2022-01-19 21:58:57 +08:00
Jordan Liggitt
01fa142ef5 PodSecurity: promote to beta 2021-11-02 09:43:24 -04:00
Tim Allclair
6c273020d3 [PodSecurity] Avoid the LegcayRegistry for metrics serving 2021-11-01 14:23:00 -07:00
Tim Allclair
21692e1683 [PodSecurity] Add error & exemption metrics 2021-11-01 14:22:58 -07:00
Tim Allclair
e46928c0b1 [PodSecurity] Fix up metrics & add tests 
Update pod security metrics to match the spec in the KEP.
 2021-11-01 14:11:19 -07:00
Margo Crawford
d9ddfb26e1 Introduces Impersonate-Uid to client-go. 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-09-24 14:06:30 -07:00
Tim Allclair
32783f7568 PodSecurity: Initial webhook implementation 2021-07-09 17:04:29 -07:00
Kubernetes Prow Robot
e1acbbd8fd
Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Jordan Liggitt
49d31c45b1 PodSecurity: baseline hostProcess check 2021-07-01 15:49:33 -04:00
Jordan Liggitt
ba6b4c5a18 PodSecurity: test GA-only cases and alpha/beta fields separately 2021-06-30 22:08:11 -04:00
Anish Ramasekar
5bd3334ad6
[PodSecurity] Add privileged containers baseline check 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2021-06-30 16:39:28 -04:00
Jordan Liggitt
42dc070b47 PodSecurity: kube-apiserver integration test 2021-06-28 17:45:36 -04:00
Mengjiao Liu
4eab19ae7d Clean up the master term in test/integration comments 2021-06-18 16:31:05 +08:00
Kubernetes Prow Robot
51cbebab1f
Merge pull request #102687 from mengjiao-liu/rename-master-to-controlplane 
test/integration: Rename master to controlplane
 2021-06-14 09:49:16 -07:00
Kubernetes Prow Robot
4aae71695a
Merge pull request #102366 from cndoit18/fix-time-format 
fix(timezone): Change the time zone in the api data to UTC
 2021-06-11 06:54:59 -07:00
Mengjiao Liu
257b494478 test/integration: Rename masterConfig to instanceConfig 2021-06-08 17:21:47 +08:00
Mengjiao Liu
6871b2b3c7 Rename masterConfig to controlPlaneConfig 2021-06-04 20:55:08 +08:00
cndoit18
51717256f9
fix(timezone): the timezone is standardized to UTC 
Signed-off-by: cndoit18 <cndoit18@outlook.com>
 2021-06-03 23:55:39 +08:00
Mengjiao Liu
387154f1a9 Part3: master to controlplane in test/integration 
Rename RunAMaster to RunAControlPlane
 2021-06-03 11:06:19 +08:00
Mengjiao Liu
c9ec486287 Part of master to controlplane in test/integration 
Rename NewIntegrationTestMasterConfig to NewIntegrationTestControlPlaneConfig
 2021-05-25 13:26:28 +08:00