github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-03 23:40:03 +00:00
Code Issues Projects Releases Wiki Activity
102,324 Commits 42 Branches 8,159 Tags
995278c9fbb80cb15136c68970b384cc91030397
Commit Graph

3072 Commits

Author SHA1 Message Date
Davanum Srinivas
79d0c6cdc1 switch from golang-lru to the one in k8s.io/utils 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-07-07 22:31:37 -04:00
Jordan Liggitt
1dfacd3c70 PodSecurity: use code/reason/details from admission library 2021-07-07 16:25:16 -04:00
Tim Allclair
cf6ba6096f Move pod-security-admission to an external Attributes interface 2021-07-06 15:15:15 -07:00
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Tomas Coufal
44cb4a63f6 Allow write on events to edit role 
Signed-off-by: Tomas Coufal <tcoufal@redhat.com>
 2021-06-14 23:13:29 +02:00
Shihang Zhang
88b31814f4 BoundServiceAccountTokenVolume ga 2021-05-13 20:45:47 -07:00
Kubernetes Prow Robot
6ede5ca95f Merge pull request #101186 from jsafrane/fix-ephemeral-rbac 
Fix RBAC of generic ephemeral volumes controller
 2021-04-20 09:06:45 -07:00
Mike Tougeron
896bb932ef Add endpointslices to default edit & view RBAC policies 2021-04-16 13:43:32 -07:00
Jan Safranek
cfbe5f1891 Fix RBAC of generic ephemeral volumes controller 
The controller must be able to "update" finalizers of all pods to make
OwnerReferencesPermissionEnforcement admission plugin happy.
 2021-04-16 11:01:54 +02:00
Kubernetes Prow Robot
d51f15ed0d Merge pull request #100885 from enj/enj/i/auth_owners 
Update sig-auth OWNERS
 2021-04-12 22:18:49 -07:00
Monis Khan
bca4993004 Update auth OWNERS files to only use aliases 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-04-07 10:46:03 -04:00
Niekvdplas
fec272a7b2 Fixed several spelling mistakes 2021-03-30 23:02:09 +02:00
Patrick Ohly
c4311ae754 generic ephemeral volumes: refresh rbac testdata 
This is the result of
  UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy

Apparently enabling the GenericEphemeralVolume feature by default
affect this test. The policy that it now tests against is indeed
the one needed for the controller.
 2021-03-09 08:24:52 +01:00
Patrick Ohly
85bfd26c17 CSIStorageCapacity: update rbac test data 
This is the result of
  UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy
after enabling the CSIStorageCapacity feature. This enables
additional RBAC entries for reading CSIDriver and
CSIStorageCapacity.
 2021-03-08 20:52:50 +01:00
Swetha Repakula
108fd44f7c Graduate EndpointSlice feature gate to GA 2021-03-06 15:58:47 -08:00
Abdullah Gharaibeh
3c5f018f8e Add CrossNamespacePodAffinity quota scope and PodAffinityTerm.NamespaceSelector APIs, and CrossNamespacePodAffinity quota scope implementation. 2021-03-03 22:52:43 -05:00
Kubernetes Prow Robot
5498ee641b Merge pull request #99561 from BenTheElder/remove-bazel 
Remove Bazel
 2021-03-01 09:55:27 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Jordan Liggitt
ec4d1b3821 Skip visiting empty secret and configmap names 2021-02-27 15:54:38 -05:00
Kubernetes Prow Robot
267e47f548 Merge pull request #99130 from ayberk/ebs_ga_labels 
Use GA topology labels for EBS
 2021-02-23 23:48:49 -08:00
Shihang Zhang
cbf6e38bbd move RootCAConfigMap to ga 2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot
031f2afbba Merge pull request #98931 from michaelbeaumont/kubelet_well_known 
Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis
 2021-02-20 11:55:41 -08:00
Ayberk Yilmaz
339b8b450f Use GA topoogy labels for EBS 2021-02-18 00:34:56 +00:00
Kubernetes Prow Robot
60a0740c95 Merge pull request #98678 from ahg-g/ahg-ttl-beta 
Graduate TTLAfterFinished to beta
 2021-02-09 15:10:59 -08:00
Michael Beaumont
a5a6762d33 Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis 2021-02-09 21:37:39 +01:00
Abdullah Gharaibeh
880bbdad23 Graduate TTLAfterFinished to beta 2021-02-07 17:23:14 -05:00
Kubernetes Prow Robot
34f138ff83 Merge pull request #97823 from Jiawei0227/translation-lib 
Preparation for Topology migration to GA for CSI migration
 2021-02-02 08:48:28 -08:00
Kubernetes Prow Robot
1119a505ac Merge pull request #98669 from liggitt/denyexec 
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
 2021-02-02 06:52:28 -08:00
Jordan Liggitt
3579f88e4d Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission 2021-02-01 16:55:22 -05:00
Michael Taufen
6aa80d9172 Graduate ServiceAccountIssuerDiscovery to GA 
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
 2021-02-01 11:44:23 -08:00
Kubernetes Prow Robot
3667e0e9f7 Merge pull request #98147 from deads2k/system-masters-delete 
add check to gc_admission to allow super users to skip RESTMapping
 2021-01-28 17:52:02 -08:00
Kubernetes Prow Robot
24f13032b3 Merge pull request #97395 from thockin/externalips-admission 
Add denyserviceexternalips admission (KEP 2200)
 2021-01-28 12:33:11 -08:00
David Eads
ff6684d90f add check to gc_admission to allow super users to skip RESTMapping 2021-01-27 16:53:33 -05:00
Jiawei Wang
67fed317a1 Prepare for Topology migration to GA from CSI migration 
This also includes a change on CSI migration TranslateCSIToInTree
where we remove the CSI topology and add Kubernetes Topology to
the NodeAffinity
 2021-01-20 10:49:58 -08:00
Kubernetes Prow Robot
1f0ef8e679 Merge pull request #97293 from roycaihw/storage-version/gc-rbac 
add rbac rule for storage version garbage collector
 2021-01-11 08:39:07 -08:00
Haowei Cai
83b30bc92f generated 2021-01-08 11:39:41 -08:00
Haowei Cai
be172d6900 add rbac role for storage version GC 2021-01-08 11:39:08 -08:00
Tim Hockin
a8299079a5 Add denyserviceexternalips admission 2020-12-29 10:00:11 -08:00
Tim Hockin
02b77861ec Move defaultingressclass admission to net subdir 2020-12-28 09:58:30 -08:00
ialidzhikov
bc432124a2 Remove CSINodeInfo feature gate 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2020-12-10 09:58:22 +02:00
Kubernetes Prow Robot
96efb71094 Merge pull request #97020 from mikedanese/errfix 
hoist error message change in token registry to noderestriction
 2020-12-08 21:06:42 -08:00
Mike Danese
84995167d6 hoist error message change in token registry to noderestriction 
The token registry error message was changed in
5eefd7d012 to exclude some object details.
This error comes from noderestriction under some circumstances. Let's
make sure they match.

Change-Id: If9240f5c1a131d27dce389e2c6eca6c33d681f3b
 2020-12-02 10:58:25 -08:00
pacoxu
dd3179ee93 AlwaysPullImages: ignore updates that don't change the images referenced by the pod spec 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2020-12-01 06:59:57 +08:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Maciej Borsz
4d81f7e129 Improve observability of node authorizer: 
* Adding some metrics to the graph
* Adding log message when node authorizer has synced

Change-Id: I3447d6bc389a0b82ded1db2a7a4ae41d79486c2b
 2020-11-10 08:40:46 +01:00
Tim Hockin
819ff9b087 Use topology labels instead of old beta names (#96033) 
* Rename const for topology.../zone

* Rename const for topology.../region

* Rename const for failure-domain.../zone

* Rename const for failure-domain.../region

* Restore old names for compat
 2020-11-05 20:26:50 -08:00
Shihang Zhang
d40f0c43c4 separate RootCAConfigMap from BoundServiceAccountTokenVolume 2020-11-04 17:10:39 -08:00
Jan Chaloupka
a5920f7edb Move helpers from pkg/registry/rbac/reconciliation and pkg/registry/rbac/validation under k8s.io/component-helpers 2020-11-02 17:51:16 +01:00
Abu Kashem
53a1307f68 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00