github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
112,920 Commits 1 Branch 31 Tags 1,019 MiB
32c44b33e8
Commit Graph

31 Commits

Author SHA1 Message Date
Tim Hockin
6d4241fe5d
Clarify a few validation messages 2022-09-19 16:14:37 -07:00
cndoit18
ec43037d0f style: remove redundant judgment 
Signed-off-by: cndoit18 <cndoit18@outlook.com>
 2022-08-25 12:07:36 +08:00
Jordan Liggitt
0e925f266f Update unit tests to handle go1.17 certificate parsing error messages 2021-08-17 11:24:03 -04:00
Jordan Liggitt
b1d344db44 Drop legacy validation logic for certificates API 2021-08-09 12:37:34 -04:00
Aldo Culquicondor
bb56a0bd04 Add Job.status.uncountedPodUIDs 
For tracking Job Pods that have finished but are not yet counted as failed or succeeded

And feature gate JobTrackingWithFinalizers

Change-Id: I3e080f3ec090922640384b692e88eaf9a544d3b5
 2021-07-08 15:31:59 +00:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
卢振兴10069964
4e447acab0 code cleanup for pkg/api and pkg/apis 2021-04-28 08:57:23 +08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Matthew Fenwick
d407129cf7 modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly 2020-09-02 08:04:04 -04:00
Jordan Liggitt
db4ca87d9d Switch CSR approver/signer/cleaner controllers to v1 2020-06-05 18:45:34 -04:00
Jordan Liggitt
3f1546960d Fix validation message for CSR condition status values 2020-06-05 00:50:01 -04:00
Jordan Liggitt
595adc402a Validate unknown and duplicate usages in CSR v1 2020-06-05 00:50:01 -04:00
Jordan Liggitt
7049149181 Generated files 2020-05-28 16:53:23 -04:00
Jordan Liggitt
aed0621f2e Plumb version info to validation, separate main/status/approval validation 2020-05-28 12:20:40 -04:00
James Munnelly
a983356caa Add signerName field to CSR resource spec 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2020-02-27 10:17:55 +00:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Mike Danese
a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski
918868b115 genericapiserver: cut off certificates api dependency 2017-01-16 14:10:59 +01:00
Mike Danese
06077ac088 default a CSR's allowed usage to key encipherment and digital signing 2017-01-11 14:57:26 -08:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
Ilya Dmitrichenko
386fae4592
Refactor utils that deal with certs 
- merge `pkg/util/{crypto,certificates}`
- add funcs from `github.com/kubernetes-incubator/bootkube/pkg/tlsutil`
- ensure naming of funcs is fairly consistent
 2016-09-19 09:03:42 +01:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
George Tankersley
f7f3e0f9e9 apis/certificates: initialize the certificates API group 2016-06-27 14:29:16 -07:00