github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 04:06:03 +00:00
Code Issues Projects Releases Wiki Activity
Production-Grade Container Scheduling and Management
46,036 Commits 42 Branches 7,905 Tags 1.3 GiB
Go 97%
Shell 2.6%
PowerShell 0.2%
cc571d1833
Go to file
Kubernetes Submit Queue cc571d1833 Merge pull request #42360 from liggitt/psp-namespaced-use-check 
Automatic merge from submit-queue (batch tested with PRs 42360, 43109, 43737, 43853)

Include pod namespace in PSP 'use' authorization check

Follow up to https://github.com/kubernetes/kubernetes/pull/33080/files#diff-291b8dd7d08cc034975ddb3925dbb08fR341

Prior to this PR, when PodSecurityPolicy admission is active, you must be authorized to use a covering PodSecurityPolicy cluster-wide in order to create a pod. This PR changes that to only require a covering PodSecurityPolicy within the pod's namespace.

When used in concert with mechanisms that limits pods within a namespace to a particular set of nodes, this can be used to allow users to create privileged pods within specific namespaces only.

```release-note
Permission to use a PodSecurityPolicy can now be granted within a single namespace by allowing the `use` verb on the `podsecuritypolicies` resource within the namespace.
```
2017-03-31 00:34:22 -07:00
.github PR template: Update links to kubernetes/community repo 2017-03-17 12:23:58 -04:00
api wire in aggregation 2017-03-27 09:44:10 -04:00
build Merge pull request #42668 from ixdy/build-silence-docker-rmi 2017-03-30 23:36:24 -07:00
cluster Merge pull request #42668 from ixdy/build-silence-docker-rmi 2017-03-30 23:36:24 -07:00
cmd Merge pull request #43835 from mikedanese/kubeadm-fix 2017-03-30 16:57:24 -07:00
docs wire in aggregation 2017-03-27 09:44:10 -04:00
examples Merge pull request #42088 from ericchiang/psp-example-fix 2017-03-30 15:24:53 -07:00
federation Merge pull request #42835 from deads2k/server-01-remove-insecure 2017-03-27 17:00:21 -07:00
Godeps Merge pull request #40423 from mkutsevol/feature/openstack_cinder_v1_2_auto 2017-03-27 12:49:22 -07:00
hack Merge pull request #42379 from xilabao/enable-audit-log-in-local-cluster 2017-03-30 23:36:20 -07:00
hooks Fix spelling in package naming linter error message 2016-12-20 15:48:14 -05:00
logo Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
pkg Merge pull request #43260 from thockin/nodeport-allocation-rand-seed 2017-03-30 23:36:30 -07:00
plugin Merge pull request #42360 from liggitt/psp-namespaced-use-check 2017-03-31 00:34:22 -07:00
staging Merge pull request #42337 from liggitt/tls-config 2017-03-29 14:53:38 -07:00
test Merge pull request #43862 from eparis/eparis-approver 2017-03-30 12:42:09 -07:00
third_party Add forked etcd 2.2.1 code to allow rollback to 2.2.1 version 2017-02-10 13:56:01 +01:00
translations Update extraction script, sort messages, add .pot file. 2017-02-23 18:53:00 +00:00
vendor Admission plugin initializer for the generic API server. 2017-03-28 08:13:09 +02:00
.bazelrc Add verify-gofmt as a Bazel test. 2017-02-10 17:00:28 -08:00
.gazelcfg.json Generate a dummy BUILD file in _output/local/go to keep Bazel out of trouble 2017-01-05 22:05:17 -08:00
.generated_files Move .generated_docs to docs/ so docs OWNERS can review / approve 2017-02-16 10:11:57 -08:00
.gitattributes Add -diff attributes for generated files 2016-12-08 17:12:07 -08:00
.gitignore Add cscope related files into .gitignore. 2016-12-21 10:35:14 +08:00
BUILD.bazel bazel: save git version in kubernetes.tar.gz 2017-01-23 17:28:08 -08:00
CHANGELOG.md Fixs markdown links in CHANGELOG for 1.6 and 1.5 2017-03-28 18:55:13 -07:00
code-of-conduct.md
CONTRIBUTING.md Close kubernetes/community#420 2017-03-08 09:59:30 -08:00
labels.yaml
LICENSE
Makefile Make make quick-release quick again 2017-02-21 14:35:55 -08:00
Makefile.generated_files Remove a from each codegen path 2016-12-30 18:44:32 -08:00
OWNERS Add wojtec to global approvers 2017-01-25 11:57:00 -06:00
OWNERS_ALIASES Initial breakout of scheduling e2es to help assist in both assignment 2017-03-13 22:34:57 -05:00
README.md Close kubernetes/community#420 2017-03-08 09:59:30 -08:00
Vagrantfile
WORKSPACE Update busybox dependency to fix bazel build 2017-03-28 12:12:31 -07:00

README.md

Kubernetes

Submit Queue Widget GoDoc Widget

Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.

Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Kubernetes plays a role, read the CNCF announcement.

To start using Kubernetes

See our documentation on kubernetes.io.

Try our interactive tutorial.

Take a free course on Scalable Microservices with Kubernetes.

To start developing Kubernetes

The community repository hosts all information about building Kubernetes from source, how to contribute code and documentation, who to contact about what, etc.

If you want to build Kubernetes right away there are two options:

You have a working Go environment.
$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
You have a working Docker environment.
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

If you are less impatient, head over to the developer's documentation.

Support

If you need support, start with the troubleshooting guide and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another.

Analytics