github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add BoundServiceAccountTokenVolume feature

Browse Source 
* require TokenRequest to be enabled and configured
* bind ca.crt publisher to this feature rather than to TokenRequest
This commit is contained in:
Mike Danese
2018-11-02 13:22:55 -07:00
parent 2dcdad297e
commit f4ff26679f
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/features/kube_features.go
View File

@@ -269,6 +269,14 @@ const (
// Enable ServiceAccountTokenVolumeProjection support in ProjectedVolumes.
TokenRequestProjection utilfeature.Feature = "TokenRequestProjection"
// owner: @mikedanese
// alpha: v1.13
//
// Migrate ServiceAccount volumes to use a projected volume consisting of a
// ServiceAccountTokenVolumeProjection. This feature adds new required flags
// to the API server.
BoundServiceAccountTokenVolume utilfeature.Feature = "BoundServiceAccountTokenVolume"
// owner: @Random-Liu
// beta: v1.11
//
@@ -428,6 +436,7 @@ var defaultKubernetesFeatureGates = map[utilfeature.Feature]utilfeature.FeatureS
ScheduleDaemonSetPods: {Default: true, PreRelease: utilfeature.Beta},
TokenRequest: {Default: true, PreRelease: utilfeature.Beta},
TokenRequestProjection: {Default: true, PreRelease: utilfeature.Beta},
BoundServiceAccountTokenVolume: {Default: false, PreRelease: utilfeature.Alpha},
CRIContainerLogRotation: {Default: true, PreRelease: utilfeature.Beta},
GCERegionalPersistentDisk: {Default: true, PreRelease: utilfeature.GA},
RunAsGroup: {Default: false, PreRelease: utilfeature.Alpha},