wackxu
9342eff20d
rename func ValidatePodSecurityContext to ValidatePod
2018-02-14 10:55:50 +08:00
Cao Shufeng
4b738a7b40
[PSP] always check validated policy first for update operation
When updating a pod with the `kubernetes.io/psp` annotation set, we should
check this policy first, because this saved policy is `usually` the
one we are looking for.
2018-01-03 11:08:37 +08:00
Kubernetes Submit Queue
45f983144f
Merge pull request #55504 from php-coder/cleanup_create_sc
Automatic merge from submit-queue (batch tested with PRs 55557, 55504, 56269, 55604, 56202). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
Create{Container,Pod}SecurityContext: modify a pod and don't return the annotations
**What this PR does / why we need it**:
Prior to https://github.com/kubernetes/kubernetes/pull/52849 we couldn't modify a pod and had to return annotations from the methods. But now, as we are always working with a copy of a pod, we can modify it directly and we don't need to copy&return annotations separately.
This PR simplifies the code by modifying a pod directly. Also it renames these methods and replaces returning of the `SecurityContext` by in-place modification.
In fact it reverts the changes from https://github.com/kubernetes/kubernetes/pull/30257
**Release note**:
```release-note
NONE
```
PTAL @liggitt @timstclair
CC @simo5
2017-12-14 13:54:40 -08:00
Tim Allclair
9673235583
Optimize PSP authorization
2017-11-22 11:13:07 -08:00
Dr. Stefan Schimanski
3d5849fd54
admission: don't update psp annotation on update
2017-11-13 17:10:17 +01:00
Slava Semushin
a4a3c7938a
CreateContainerSecurityContext: rename; modify its arguments instead of returning a copy.
2017-11-13 16:02:03 +01:00
Slava Semushin
a31a14924d
CreatePodSecurityContext: rename; modify its arguments instead of returning a copy.
2017-11-13 16:00:42 +01:00
Dr. Stefan Schimanski
b9efab0eb2
admission: split PodSecurityPolicy into mutating and validating part
2017-11-09 15:41:25 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Mike Danese
12125455d8
move authorizers over to new interface
2017-11-03 13:46:28 -07:00
Dr. Stefan Schimanski
aedcf681b3
admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e}
2017-11-02 09:29:55 +01:00
Jordan Liggitt
8c5b01376a
PodSecurityPolicy: Order by name, prefer non-mutating policies, require *api.Pod, allow GC updates
2017-10-16 02:22:11 -04:00
p0lyn0mial
475493ced6
moved admission interfaces WantsClientCert, WantsAuthorizer and WantsExternalKubeClientSet to apiserver
2017-10-01 15:03:08 +02:00
p0lyn0mial
d0e89577db
Simply changed the names of packages of some admission plugins.
2017-06-05 22:23:42 +02:00
p0lyn0mial
c5019bf696
remove init blocks from all admission plugins
2017-05-23 22:00:32 +02:00
p0lyn0mial
3f8d6e9210
Change all the existing admission init blocks to call a Register function
This is a two-stage refactor; when done, there will be no init block in admission plugins.
Instead, all plugins expose a Register function which accepts an admission.Plugins instance.
The registration to the global plugin registry happens inside the Register func.
2017-05-18 22:25:01 +02:00
FengyunPan
3856b5d76c
Check errors before logging providers
logProviders() should check errors first, and should not log
providers when providers is null.
2017-04-22 16:55:32 +08:00
Dr. Stefan Schimanski
63f547e1b1
pkg/admission: make plugin registry non-global
2017-04-12 11:37:25 +02:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint
2017-03-31 13:28:59 -04:00
Jordan Liggitt
829e6f6cfb
Include pod namespace in PSP 'use' authorization check
2017-03-24 15:14:52 -04:00
Jordan Liggitt
dd7561801a
Authorize PSP usage for pods without service accounts
2017-03-21 19:54:39 -04:00
Kubernetes Submit Queue
2be623b14f
Merge pull request #38805 from xilabao/add-err-info-to-authorize-in-psp
Automatic merge from submit-queue
add err info to authorize in psp
It's unwise to ignore the err in my view.
2017-03-10 13:32:19 -08:00
deads2k
d89862beca
update names for kube plugin initializer to avoid conflicts
2017-03-06 10:18:21 -05:00
xilabao
35d926d8d3
add err info to authorize in psp
2017-02-27 10:24:01 +08:00
Andy Goldstein
022bff7fbe
Switch admission to use shared informers
2017-02-23 11:16:09 -05:00
deads2k
b0b156b381
make tools/cache authoritative
2017-01-25 08:29:45 -05:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1
2017-01-23 17:52:46 -05:00
deads2k
01b3b2b461
move admission to genericapiserver
2017-01-18 08:15:19 -05:00
deads2k
77b4d55982
mechanical
2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc
start the apimachinery repo
2017-01-11 09:09:48 -05:00
deads2k
4d7fcae85a
mechanicals
2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237
mechanical changes for move
2017-01-04 10:27:05 -05:00
deads2k
2861509b6d
refactored admission to avoid internal client references
2017-01-03 15:50:12 -05:00
Chao Xu
1044aa4500
plugin/admission; including resourcequota admission
2016-11-23 15:53:09 -08:00
pweil-
bbe9c8f96d
add authz checks to allowed policies admission
2016-11-08 08:36:27 -05:00
Tim St. Clair
c99d7fddc1
Add alpha annotations support to the PodSecurityPolicy provider
2016-08-17 10:14:36 -07:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Clayton Coleman
e2afc97587
Add init containers to PSP admission
Treat them just like regular containers.
2016-05-18 22:32:22 -04:00
Paul Weil
4970f0c02d
PSP admission
2016-05-11 18:07:36 -04:00