github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 15:37:24 +00:00
Code Issues Projects Releases Wiki Activity
54,653 Commits 42 Branches 8,639 Tags
d698404adcf67749dba26c32a2743ecc2b51a4a4
Commit Graph

147 Commits

Author SHA1 Message Date
Steven E. Harris
0016f7f2fc Include "ingresses" in RBAC bootstrap roles 
The bootstrap RBAC roles "admin", "edit", and "view" should all be
able to apply their respective access verbs to the "ingresses"
resource in order to facilitate both publishing Ingress resources (for
service administrators) and consuming them (for ingress controllers).
 2017-01-17 15:37:19 -05:00
Jordan Liggitt
d11f5a0a20 Add node TLS bootstrapping role 2017-01-17 14:31:34 -05:00
deads2k
b2586830c3 add heapster role 2017-01-17 11:27:57 -05:00
Kubernetes Submit Queue
6cd0592a46 Merge pull request #39963 from deads2k/rbac-39-permissions 
Automatic merge from submit-queue

add patch RS to deployment controller

Found in http://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-gci-gce/2841/artifacts/bootstrap-e2e-master/, `RBAC DENY: user "system:serviceaccount:kube-system:deployment-controller" groups [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] cannot "patch" on "replicasets.extensions/" in namespace "e2e-tests-deployment-3rj5g"
`

@kubernetes/sig-auth-misc
 2017-01-16 12:15:16 -08:00
deads2k
56c0ae6456 add patch RS to deployment controller 2017-01-16 12:44:25 -05:00
Jordan Liggitt
4eee0b2b41 Give replicaset controller patch permission on pods 
Needed for AdoptPod/ReleasePod
 2017-01-16 12:32:37 -05:00
Mike Danese
f3e97d522d add rbac role for certificate-controller 2017-01-13 17:40:24 -08:00
Dr. Stefan Schimanski
4a1d507756 Update bazel 2017-01-11 18:53:24 +01:00
Dr. Stefan Schimanski
cf60bec396 Split out server side code from pkg/apis/rbac/validation 2017-01-11 18:31:58 +01:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Kubernetes Submit Queue
49a0cf7f68 Merge pull request #39641 from liggitt/node-controller-status 
Automatic merge from submit-queue (batch tested with PRs 38212, 38792, 39641, 36390, 39005)

Allow node-controller to update node status

ref: #39639 

* adds required permissions to node-controller
 * fixes typo in role name for pod-garbage-collector role
* adds event watching permissions to persistent volume controller
* adds event permissions to node proxier
 2017-01-10 19:48:12 -08:00
deads2k
453651cbfc rename kubernetes-discovery to kube-aggregator 2017-01-10 12:27:42 -05:00
Jordan Liggitt
c6550af702 Allow proxier to write events 2017-01-09 23:36:09 -05:00
Jordan Liggitt
6d3b06125e Allow the persistent volume binder to watch events 2017-01-09 23:36:09 -05:00
Jordan Liggitt
c59c11eb0d fix role for pod-garbage-collector 2017-01-09 23:36:09 -05:00
Jordan Liggitt
bda95a59ad Allow node-controller to update node status 2017-01-09 23:36:09 -05:00
Anirudh
a8a65022b4 Update fixtures 2017-01-06 13:36:34 -08:00
Anirudh
2146f2f221 Allow disruption controller to read statefulsets 2017-01-06 13:03:44 -08:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Kubernetes Submit Queue
38d57e5a71 Merge pull request #39355 from kargakis/update-rc-manager 
Automatic merge from submit-queue

Share rc cache from the rc manager

@kubernetes/sig-apps-misc @hodovska
 2017-01-04 05:18:29 -08:00
Kubernetes Submit Queue
2bad7e6be1 Merge pull request #39219 from liggitt/swagger-discovery 
Automatic merge from submit-queue

Include swaggerapi urls in system:discovery role

Used by client side API validation and for client schema generation
 2017-01-04 00:09:41 -08:00
Michail Kargakis
e5b586b5b0 Share rc cache from the rc manager 2017-01-03 16:59:09 +01:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Jordan Liggitt
a209040ac8 Include swaggerapi urls in system:discovery role 2016-12-24 12:36:38 -05:00
deads2k
8f1677b7c8 add service status detection to kubernetes-discovery 2016-12-19 14:56:20 -05:00
Maciej Szulik
9f064c57ce Remove extensions/v1beta1 Job 2016-12-17 00:07:24 +01:00
Mike Danese
8fdec87d19 bazel: fix some unit tests 2016-12-15 18:36:22 -08:00
deads2k
6ab6975983 update for controller RBAC roles 2016-12-15 09:18:48 -05:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
deads2k
4aeb3f3ffe update pod RBAC roles to work against head 2016-12-12 08:55:47 -05:00
xilabao
1d475edd1c add default label <kubernetes.io/bootstrapping=rbac-defaults> to rbac bootstrap policy 2016-12-07 09:08:34 +08:00
Jordan Liggitt
8553a8b867 Check in YAML versions of bootstrap roles/rolebindings 2016-12-05 12:03:55 -05:00
Kubernetes Submit Queue
f91966e634 Merge pull request #37391 from deads2k/controller-03-roles 
Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169)

add controller roles

Upstream controller roles that have downstream.

@sttts this is a start at roles for controllers.  I've made names match for now, but they could use some love in both the controller manager and here.  I'd recommend using this as a starting point.
 2016-12-02 20:32:46 -08:00
deads2k
a786892d77 add controller roles 2016-11-28 08:38:24 -05:00
deads2k
18a909edf8 auth delegation role 2016-11-17 14:42:21 -05:00
Kubernetes Submit Queue
6ea9ff68c8 Merge pull request #36155 from deads2k/rbac-20-node-role 
Automatic merge from submit-queue

add nodes role to RBAC bootstrap policy

Add a nodes role.  

@sttts @pweil-
 2016-11-09 14:10:20 -08:00
Maciej Szulik
0b5ef16008 Support ScheduledJob name 2016-11-07 10:14:12 +01:00
Maciej Szulik
41d88d30dd Rename ScheduledJob to CronJob 2016-11-07 10:14:12 +01:00
deads2k
df2492f714 add nodes role to RBAC bootstrap policy 2016-11-03 08:30:50 -04:00
Janet Kuo
10aee82ae3 Rename PetSet API to StatefulSet 2016-10-27 17:25:10 -07:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
deads2k
d56a27f130 add admin,edit,view roles 2016-10-17 09:04:16 -04:00
deads2k
467b7d928f add clusterrolebindings to bootstrapping 2016-10-10 15:00:35 -04:00
deads2k
87ff84a7b0 add system:discovery role 2016-09-26 11:27:24 -04:00
deads2k
b330b0a220 start creating controller SA roles. start with just one 2016-09-26 09:31:36 -04:00
deads2k
7d1f13d3e0 add GenericAPIServer posthooks for initialization 2016-09-19 14:58:27 -04:00