github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
110,078 Commits 1 Branch 31 Tags 1,019 MiB
22cb7ac766
Commit Graph

234 Commits

Author SHA1 Message Date
Wojciech Tyczyński
ab1038f0e0 Clean shutdown of auth integration tests 2022-07-19 11:34:02 +02:00
Wojciech Tyczyński
690d2f0101 Clean(er) shutdown of auth integration tests 2022-07-14 11:25:57 +02:00
Kubernetes Prow Robot
4b024fc4ee
Merge pull request #110459 from wangyysde/promote-pod-security-to-ga 
PodSecurity: promote config and feature gate to GA
 2022-06-15 14:41:22 -07:00
wangyysde
ab66a38194 PodSecurity: promote config and feature gate to GA 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2022-06-15 09:29:47 +08:00
Wojciech Tyczyński
ed442cc3dd Clean(er) shutdown of auth integration tests 2022-06-14 13:55:31 +02:00
Wojciech Tyczyński
8ef7dd49ee Clean shutdown of auth integration tests 2022-06-10 19:46:50 +02:00
Wojciech Tyczyński
6f706775bc Clean shutdown of test apiserver 2022-05-26 10:42:48 +02:00
Wojciech Tyczyński
deef9e40de Simplify Create/Delete-TestingNamespace functions 2022-05-15 23:06:26 +02:00
Wojciech Tyczyński
04b77f02ee Minor cleanup to use t.Run() in test/integration 2022-05-02 21:13:32 +02:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Monis Khan
fef7d0ef1e
webhook: use rest.Config instead of kubeconfig file as input 
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-17 20:47:42 -04:00
Jordan Liggitt
92422a7305 set/validate object namespace before admission 2022-02-23 11:12:27 -05:00
Jordan Liggitt
19d71bb5d5 Validate and populate metadata fields in token request 2022-02-09 14:05:53 -05:00
ahrtr
fe95aa614c io/ioutil has already been deprecated in golang 1.16, so replace all ioutil with io and os 2022-02-03 05:32:12 +08:00
Jyoti Mahapatra
a1b52fb17a
extend sa token if audience is apiserver (#105954) 
Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
 2022-01-31 16:01:52 -08:00
Jeffrey Ying
ecb9b620fe
Revert "Populate OpenAPI in all integration tests" 2022-01-26 13:30:03 -05:00
Jefftree
eb8f6fe0f9 Populate OpenAPI in all integration tests 2022-01-25 14:16:31 -08:00
Jordan Liggitt
57e0c5969b Fix integration test authenticators to include AllAuthenticated group 2022-01-19 13:21:05 -05:00
jlsong01
3006aa534b fix flake on TestQuotaLimitService 2022-01-19 21:58:57 +08:00
Jordan Liggitt
01fa142ef5 PodSecurity: promote to beta 2021-11-02 09:43:24 -04:00
Tim Allclair
6c273020d3 [PodSecurity] Avoid the LegcayRegistry for metrics serving 2021-11-01 14:23:00 -07:00
Tim Allclair
21692e1683 [PodSecurity] Add error & exemption metrics 2021-11-01 14:22:58 -07:00
Tim Allclair
e46928c0b1 [PodSecurity] Fix up metrics & add tests 
Update pod security metrics to match the spec in the KEP.
 2021-11-01 14:11:19 -07:00
Margo Crawford
d9ddfb26e1 Introduces Impersonate-Uid to client-go. 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-09-24 14:06:30 -07:00
Tim Allclair
32783f7568 PodSecurity: Initial webhook implementation 2021-07-09 17:04:29 -07:00
Kubernetes Prow Robot
e1acbbd8fd
Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Jordan Liggitt
49d31c45b1 PodSecurity: baseline hostProcess check 2021-07-01 15:49:33 -04:00
Jordan Liggitt
ba6b4c5a18 PodSecurity: test GA-only cases and alpha/beta fields separately 2021-06-30 22:08:11 -04:00
Anish Ramasekar
5bd3334ad6
[PodSecurity] Add privileged containers baseline check 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2021-06-30 16:39:28 -04:00
Jordan Liggitt
42dc070b47 PodSecurity: kube-apiserver integration test 2021-06-28 17:45:36 -04:00
Mengjiao Liu
4eab19ae7d Clean up the master term in test/integration comments 2021-06-18 16:31:05 +08:00
Kubernetes Prow Robot
51cbebab1f
Merge pull request #102687 from mengjiao-liu/rename-master-to-controlplane 
test/integration: Rename master to controlplane
 2021-06-14 09:49:16 -07:00
Kubernetes Prow Robot
4aae71695a
Merge pull request #102366 from cndoit18/fix-time-format 
fix(timezone): Change the time zone in the api data to UTC
 2021-06-11 06:54:59 -07:00
Mengjiao Liu
257b494478 test/integration: Rename masterConfig to instanceConfig 2021-06-08 17:21:47 +08:00
Mengjiao Liu
6871b2b3c7 Rename masterConfig to controlPlaneConfig 2021-06-04 20:55:08 +08:00
cndoit18
51717256f9
fix(timezone): the timezone is standardized to UTC 
Signed-off-by: cndoit18 <cndoit18@outlook.com>
 2021-06-03 23:55:39 +08:00
Mengjiao Liu
387154f1a9 Part3: master to controlplane in test/integration 
Rename RunAMaster to RunAControlPlane
 2021-06-03 11:06:19 +08:00
Mengjiao Liu
c9ec486287 Part of master to controlplane in test/integration 
Rename NewIntegrationTestMasterConfig to NewIntegrationTestControlPlaneConfig
 2021-05-25 13:26:28 +08:00
Shihang Zhang
925900317e allow multiple of --service-account-issuer 2021-04-19 09:54:11 -07:00
Jordan Liggitt
33ad842480 allow evictions subresource to accept policy/v1 and policy/v1beta1 2021-04-13 21:22:25 -04:00
drfish
aa0b284ca1 Make integration tests not depend on e2e tests 2021-03-25 23:02:52 +08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Shihang Zhang
1095778dcc remove secret-based sa token client builder 2021-02-21 22:00:40 -08:00
Michael Taufen
6aa80d9172 Graduate ServiceAccountIssuerDiscovery to GA 
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
 2021-02-01 11:44:23 -08:00
ialidzhikov
bc432124a2 Remove CSINodeInfo feature gate 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2020-12-10 09:58:22 +02:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Kubernetes Prow Robot
ccfdc09f35
Merge pull request #91683 from tedyu/mirror-pod-owner-ref 
Mirror pod without OwnerReference should not be created
 2020-09-25 11:02:48 -07:00
Daniel Smith
a86afc12df update scripts 2020-09-02 10:49:40 -07:00