Patrick Ohly
a8c930ef46
generic ephemeral volume: graduation to GA
...
The feature gate gets locked to "true", with the goal to remove it in two
releases.
All code now can assume that the feature is enabled. Tests for "feature
disabled" are no longer needed and get removed.
Some code wasn't using the new helper functions yet. That gets changed while
touching those lines.
2021-10-11 20:54:20 +02:00
Patrick Ohly
c05c8e915b
GenericEphemeralVolume: feature gate, API, documentation
...
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes ,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
2020-07-09 11:02:59 +02:00
Andrew Sy Kim
2e56866c97
move apparmor annotation constants to k8s.io/api/core/v1
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-04-06 10:22:04 -04:00
Jordan Liggitt
92eb072989
Propagate context to Authorize() calls
2019-09-24 11:14:54 -04:00
Jordan Liggitt
61774cd717
Plumb context to admission Admit/Validate
2019-08-20 11:11:00 -04:00
Kubernetes Prow Robot
b8eecd671d
Merge pull request #69941 from miguelbernadi/fix-golint-issues-68026
...
Fix golint issues in plugin/pkg/admission
2019-05-30 08:38:26 -07:00
Vladimir Vivien
8e0cf65310
Enforce pod security policy for CSI inline
2019-05-29 15:38:21 -04:00
Joe Betz
cc2e3616f0
Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent
2019-05-28 15:10:22 -07:00
Miguel Bernabeu
f47da8a75d
Fix golint violations in several plugins
2019-05-23 20:00:06 +02:00
Joe Betz
900d652a9a
Update tests for: Pass {Operation}Option to Webhooks
2019-05-14 10:49:43 -07:00
Mehdy Bohlool
d08bc3774d
Mechanical changes due to signature change for Admit and Validate functions
2019-02-16 13:28:47 -08:00
yue9944882
e2c61169b1
externalize psp admission controller
2018-10-24 00:22:07 +08:00
Mayank Kumar
bc3e3afc46
api changes for psp runasgroup policy
2018-10-09 17:32:09 -07:00
jennybuckley
adafb1365e
Support dry run in admission plugins
2018-08-06 10:37:44 -07:00
stewart-yu
55251c716a
update the import file for move util/pointer to k8s.io/utils
2018-07-27 19:47:02 +08:00
Tim Allclair
5ace0f03d8
Cleanup & fix PodSecurityPolicy field path usage
2018-07-18 17:47:32 -07:00
Jan Chaloupka
ab616a88b9
Promote sysctl annotations to API fields
2018-06-05 23:17:00 +02:00
Cao Shufeng
241422879d
Log policy name from pod security policy
2018-06-04 19:24:25 +08:00
Slava Semushin
f49a0fbd5f
Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type.
...
We had IDRange in both types prior to the 9440a68744 commit that split it
into UserIDRange/GroupIDRange. Later, in the c91a12d205 commit, we had to
revert these changes because they broke backward compatibility, but the
UserIDRange/GroupIDRange structs were left in the internal type.
This commit removes these leftovers and reduces the differences
between internal and external types.
2018-05-04 18:31:42 +02:00
Kubernetes Submit Queue
60141cdfd9
Merge pull request #59317 from CaoShuFeng/assert_Equal
...
Automatic merge from submit-queue (batch tested with PRs 62448, 59317, 59947, 62418, 62352). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
fix assert.Equal argument order
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
2018-04-17 16:31:17 -07:00
Slava Semushin
8a7d5707d5
PSP: move internal types from extensions to policy.
2018-04-11 18:35:09 +02:00
Stephen Augustus
09aa0b9c1d
pkg/util/pointer: Update int pointer functions
...
* Implement `Int64Ptr` function
* Replace per module functions of `int(32|64)?` --> `*int(32|64)?`
* Update bazel rules
2018-03-27 10:30:01 -04:00
Kubernetes Submit Queue
c014cc2740
Merge pull request #56848 from CaoShuFeng/duplicated-validation-psp
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
remove duplicated validation from podsecuritypolicy
**Release note**:
```release-note
NONE
```
2018-03-26 00:13:08 -07:00
Slava Semushin
cee37f2f72
Fix strategy name in the error messages.
2018-03-13 16:21:43 +01:00
Slava Semushin
3d4fa8a189
Modify PodSecurityPolicy admission plugin to additionally allow authorizing via "use" verb in policy API group.
2018-02-22 19:23:02 +01:00
Di Xu
48388fec7e
fix all the typos across the project
2018-02-11 11:04:14 +08:00
Cao Shufeng
f95bc9289d
fix assert.Equal argument order
...
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
2018-02-04 15:14:55 +08:00
Cao Shufeng
4b738a7b40
[PSP] always check validated policy first for update operation
...
When updating a pod with `kubernetes.io/psp` annotation set, we should
check this policy first. Because this saved policy is `usually` the
one we are looking for.
2018-01-03 11:08:37 +08:00
Cao Shufeng
16999f172d
remove duplicated validation from podsecuritypolicy
2017-12-05 19:13:44 +08:00
Slava Semushin
b1ae1d67b2
admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.
2017-11-24 17:12:53 +01:00
Slava Semushin
2b95212ad3
admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value.
2017-11-24 17:12:48 +01:00
Tim Allclair
9673235583
Optimize PSP authorization
2017-11-22 11:13:07 -08:00
Dr. Stefan Schimanski
3d5849fd54
admission: don't update psp annotation on update
2017-11-13 17:10:17 +01:00
Dr. Stefan Schimanski
b9efab0eb2
admission: split PodSecurityPolicy into mutating and validating part
2017-11-09 15:41:25 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Mike Danese
12125455d8
move authorizers over to new interface
2017-11-03 13:46:28 -07:00
Dr. Stefan Schimanski
2452afffe0
admission: wire create+update validation func into kube registries
2017-11-02 09:29:16 +01:00
Kubernetes Submit Queue
2d914ee703
Merge pull request #53984 from sttts/sttts-legacyscheme
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when visualizing
left dependencies.
The latter helps with our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
2017-10-18 10:49:10 -07:00
Dr. Stefan Schimanski
7773a30f67
pkg/api/legacyscheme: fixup imports
2017-10-18 17:23:55 +02:00
Slava Semushin
1a3a2d47c8
admission_test.go: remove unused createNamespaceForTest() and createSAForTest() functions.
2017-10-17 12:03:46 +02:00
Jordan Liggitt
8c5b01376a
PodSecurityPolicy: Order by name, prefer non-mutating policies, require *api.Pod, allow GC updates
2017-10-16 02:22:11 -04:00
Jordan Liggitt
abc7c077e1
PodSecurityPolicy: avoid unnecessary mutation of supplemental groups
2017-10-16 02:21:10 -04:00
Jordan Liggitt
b45b809f4c
PodSecurityPolicy: Do not mutate nil privileged field to false
2017-10-16 02:21:10 -04:00
Slava Semushin
9015a82692
PodSecurityPolicy.allowedCapabilities: add support for using * to allow to request any capabilities.
...
Also modify "privileged" PSP to use it and allow privileged users to use
any capabilities.
2017-09-06 12:18:09 +02:00
mbohlool
c91a12d205
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 04:09:07 -07:00
p0lyn0mial
d0e89577db
Simply changed the names of packages of some admission plugins.
2017-06-05 22:23:42 +02:00
Jamie Hannaford
9440a68744
Use dedicated Unix User and Group ID types
2017-05-05 14:07:38 +02:00
Chao Xu
08aa712a6c
move helpers.go to helper
2017-04-11 15:49:11 -07:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint
2017-03-31 13:28:59 -04:00
Jordan Liggitt
829e6f6cfb
Include pod namespace in PSP 'use' authorization check
2017-03-24 15:14:52 -04:00