github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,151 Commits 1 Branch 31 Tags 1,019 MiB
main
Commit Graph

90 Commits

Author SHA1 Message Date
Arda Güçlü
1abf94bec3 Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
Arda Güçlü
672e0b1e01 Use correct singular name format for subresources 2022-11-18 12:21:19 +03:00
Arda Güçlü
578ddde80e Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
Arda Güçlü
0990ba1cc9 Introduce singularNameProvider for core types 
This introduces `singularNameProvider`. This provider will be used
by core types to have their singular names are defined in discovery
endpoint. Thanks to that, core resources singular name always have
higher precedence than CRDs shortcuts or singular names.
 2022-11-18 12:21:07 +03:00
Wojciech Tyczyński
80060a502c Implement Destroy() method for all registries 2022-04-19 15:59:13 +02:00
Jordan Liggitt
19d71bb5d5 Validate and populate metadata fields in token request 2022-02-09 14:05:53 -05:00
Jyoti Mahapatra
a1b52fb17a
extend sa token if audience is apiserver (#105954) 
Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
 2022-01-31 16:01:52 -08:00
Davanum Srinivas
9405e9b55e
Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
Jordan Liggitt
8c8a4cf3e4 Add WarningsOnCreate,WarningsOnUpdate 2021-05-18 10:42:36 -04:00
Monis Khan
bca4993004
Update auth OWNERS files to only use aliases 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-04-07 10:46:03 -04:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Jiajie Yang
ae0e52d28c Monitoring safe rollout of time-bound service account token. 2020-04-22 11:59:16 -07:00
Jordan Liggitt
61774cd717 Plumb context to admission Admit/Validate 2019-08-20 11:11:00 -04:00
Ted Yu
87b2a3129b Propagate error from NewREST 2019-08-12 13:55:35 -07:00
wojtekt
a756e20cb5 Update autogenerated files 2019-07-01 15:02:49 +02:00
wojtekt
7497260e54 Move etcd/testing to etcd3/testing 2019-07-01 15:02:49 +02:00
Sean Sullivan
abfc5bbbf7 Rename TablePrinter interface to TableGenerator 2019-04-16 12:55:30 -07:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Johnny Horvi
954987f8f6 call createValidation before rollback. Fixes #72256 2018-12-21 20:10:19 +01:00
Mike Danese
bcd492e86e use more specific authenticator.Audiences type in TokenRequest registry 2018-10-23 00:16:17 -07:00
Antoine Pelisse
03b1e14101 dry-run: Create new options for Update/Create and pass it along 2018-07-12 07:18:37 -07:00
Kubernetes Submit Queue
2da49321e6
Merge pull request #63653 from WanLinghao/token_expiry_limit 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add limit to the TokenRequest expiration time

**What this PR does / why we need it**:
A new API TokenRequest has been implemented.It improves current serviceaccount model from many ways.
This patch adds limit to TokenRequest expiration time.


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #63575

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
 2018-06-27 00:31:08 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
WanLinghao
f16470c3f1 This patch adds limit to the TokenRequest expiration time. It constrains a TokenRequest's expiration time to avoid extreme value which could harm the cluster. 2018-06-14 09:31:50 +08:00
Mike Danese
dc9e3f1b3e svcacct: validate min and max expiration seconds on TokenRequest 2018-05-30 17:32:49 -07:00
Mike Danese
f39ec8b333 add myself as an approver in various auth related directories 
matching the subprojects I work on:

https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
 2018-05-17 11:32:37 -07:00
Cao Shufeng
5eefd7d012 not expose object detail when creating TokenRequest 2018-05-02 11:01:02 +08:00
David Eads
8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
David Eads
6900f8856f rest mappings cannot logically be object converters 2018-04-26 12:47:25 -04:00
Mike Danese
54fd2aaefd replace request.Context with context.Context 2018-04-24 08:59:00 -07:00
Cao Shufeng
da788a1a06 fix error message of TokenRequest 2018-04-18 16:59:16 +08:00
Maciej Szulik
5630d29552
Add missing table converters for server side printing 2018-02-28 17:27:45 +01:00
Mike Danese
024f57affe implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
Mike Danese
1fbf8b8f2a svcacct: move getters to use an external clientset 2018-02-27 17:20:46 -08:00
Mike Danese
b2ceeedd67 tokenrequest: tokens bound to pods running as other svcaccts 2018-02-24 22:18:24 -08:00
Mike Danese
8ad1c6655b add support for /token subresource in serviceaccount registry 2018-02-21 13:16:51 -08:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski
d4d53c0e2a apiserver: remove unneeded scheme from registry tester 2017-11-20 09:39:44 +01:00
Dr. Stefan Schimanski
0b100cb69b registry: move generic registry tester into k8s.io/apiserver 2017-11-16 09:03:42 +01:00
Dr. Stefan Schimanski
3410f536f4 registry: cut-off kube dependencies from registrytest 2017-11-16 08:57:58 +01:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Dr. Stefan Schimanski
cad0364e73 Update bazel 2017-10-18 17:24:04 +02:00
Dr. Stefan Schimanski
7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Dr. Stefan Schimanski
509df603b1 apimachinery: mechanical removal of ObjectCopier plumbing 2017-10-06 19:21:03 +02:00
Clayton Coleman
fc2d201e15
Allow watch cache to be disabled per type 
Currently setting watch cache size for a given resource does not disable
the watch cache. This commit adds a new `default-watch-cache-size` flag
to map to the existing field, and refactors how watch cache sizes are
calculated to bring all of the code into one place. It also adds debug
logging to startup to allow us to verify watch cache enablement in
production.
 2017-09-08 13:42:28 -04:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00