Patrick Ohly
c05c8e915b
GenericEphemeralVolume: feature gate, API, documentation
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes ,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
2020-07-09 11:02:59 +02:00
Andrew Sy Kim
2e56866c97
move apparmor annotation constants to k8s.io/api/core/v1
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-04-06 10:22:04 -04:00
Jordan Liggitt
92eb072989
Propagate context to Authorize() calls
2019-09-24 11:14:54 -04:00
Jordan Liggitt
61774cd717
Plumb context to admission Admit/Validate
2019-08-20 11:11:00 -04:00
Kubernetes Prow Robot
b8eecd671d
Merge pull request #69941 from miguelbernadi/fix-golint-issues-68026
Fix golint issues in plugin/pkg/admission
2019-05-30 08:38:26 -07:00
Vladimir Vivien
8e0cf65310
Enforce pod security policy for CSI inline
2019-05-29 15:38:21 -04:00
Joe Betz
cc2e3616f0
Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent
2019-05-28 15:10:22 -07:00
Miguel Bernabeu
f47da8a75d
Fix golint violations in several plugins
2019-05-23 20:00:06 +02:00
Joe Betz
900d652a9a
Update tests for: Pass {Operation}Option to Webhooks
2019-05-14 10:49:43 -07:00
Mehdy Bohlool
d08bc3774d
Mechanical changes due to signature change for Admit and Validate functions
2019-02-16 13:28:47 -08:00
yue9944882
e2c61169b1
externalize psp admission controller
2018-10-24 00:22:07 +08:00
Mayank Kumar
bc3e3afc46
api changes for psp runasgroup policy
2018-10-09 17:32:09 -07:00
jennybuckley
adafb1365e
Support dry run in admission plugins
2018-08-06 10:37:44 -07:00
stewart-yu
55251c716a
update the import file for move util/pointer to k8s.io/utils
2018-07-27 19:47:02 +08:00
Tim Allclair
5ace0f03d8
Cleanup & fix PodSecurityPolicy field path usage
2018-07-18 17:47:32 -07:00
Jan Chaloupka
ab616a88b9
Promote sysctl annotations to API fields
2018-06-05 23:17:00 +02:00
Cao Shufeng
241422879d
Log policy name from pod security policy
2018-06-04 19:24:25 +08:00
Slava Semushin
f49a0fbd5f
Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type.
We had IDRange in both types prior to the 9440a68744 commit that split it
into UserIDRange/GroupIDRange. Later, in the c91a12d205 commit, we had to
revert these changes because they broke backward compatibility, but the
UserIDRange/GroupIDRange struct was left in the internal type.
This commit removes these leftovers and reduces the differences
between internal and external types.
2018-05-04 18:31:42 +02:00
Kubernetes Submit Queue
60141cdfd9
Merge pull request #59317 from CaoShuFeng/assert_Equal
Automatic merge from submit-queue (batch tested with PRs 62448, 59317, 59947, 62418, 62352). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
fix assert.Equal argument order
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
2018-04-17 16:31:17 -07:00
Slava Semushin
8a7d5707d5
PSP: move internal types from extensions to policy.
2018-04-11 18:35:09 +02:00
Stephen Augustus
09aa0b9c1d
pkg/util/pointer: Update int pointer functions
* Implement `Int64Ptr` function
* Replace per module functions of `int(32|64)?` --> `*int(32|64)?`
* Update bazel rules
2018-03-27 10:30:01 -04:00
Kubernetes Submit Queue
c014cc2740
Merge pull request #56848 from CaoShuFeng/duplicated-validation-psp
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
remove duplicated validation from podsecuritypolicy
**Release note**:
```release-note
NONE
```
2018-03-26 00:13:08 -07:00
Slava Semushin
cee37f2f72
Fix strategy name in the error messages.
2018-03-13 16:21:43 +01:00
Slava Semushin
3d4fa8a189
Modify PodSecurityPolicy admission plugin to additionally allow authorizing via "use" verb in policy API group.
2018-02-22 19:23:02 +01:00
Di Xu
48388fec7e
fix all the typos across the project
2018-02-11 11:04:14 +08:00
Cao Shufeng
f95bc9289d
fix assert.Equal argument order
Reference:
https://godoc.org/github.com/stretchr/testify/assert#Equal
2018-02-04 15:14:55 +08:00
Cao Shufeng
4b738a7b40
[PSP] always check validated policy first for update operation
When updating a pod with the `kubernetes.io/psp` annotation set, we should
check this policy first, because this saved policy is `usually` the
one we are looking for.
2018-01-03 11:08:37 +08:00
Cao Shufeng
16999f172d
remove duplicated validation from podsecuritypolicy
2017-12-05 19:13:44 +08:00
Slava Semushin
b1ae1d67b2
admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing shouldPassAdmit by a constant value.
2017-11-24 17:12:53 +01:00
Slava Semushin
2b95212ad3
admission_test.go(TestAdmitPreferNonmutating): simplify test by replacing expectedPodUser by a constant value.
2017-11-24 17:12:48 +01:00
Tim Allclair
9673235583
Optimize PSP authorization
2017-11-22 11:13:07 -08:00
Dr. Stefan Schimanski
3d5849fd54
admission: don't update psp annotation on update
2017-11-13 17:10:17 +01:00
Dr. Stefan Schimanski
b9efab0eb2
admission: split PodSecurityPolicy into mutating and validating part
2017-11-09 15:41:25 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Mike Danese
12125455d8
move authorizers over to new interface
2017-11-03 13:46:28 -07:00
Dr. Stefan Schimanski
2452afffe0
admission: wire create+update validation func into kube registries
2017-11-02 09:29:16 +01:00
Kubernetes Submit Queue
2d914ee703
Merge pull request #53984 from sttts/sttts-legacyscheme
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
pkg/api: extract Scheme/Registry/Codecs into pkg/api/legacyscheme
This serves as
- a preparation for the pkg/api->pkg/apis/core move
- and makes the dependency to the scheme explicit when visualizing
left dependencies.
The latter helps with our efforts to split up the monolithic repo
into self-contained sub-repos, e.g. for kubectl, controller-manager
and kube-apiserver in the future.
2017-10-18 10:49:10 -07:00
Dr. Stefan Schimanski
7773a30f67
pkg/api/legacyscheme: fixup imports
2017-10-18 17:23:55 +02:00
Slava Semushin
1a3a2d47c8
admission_test.go: remove unused createNamespaceForTest() and createSAForTest() functions.
2017-10-17 12:03:46 +02:00
Jordan Liggitt
8c5b01376a
PodSecurityPolicy: Order by name, prefer non-mutating policies, require *api.Pod, allow GC updates
2017-10-16 02:22:11 -04:00
Jordan Liggitt
abc7c077e1
PodSecurityPolicy: avoid unnecessary mutation of supplemental groups
2017-10-16 02:21:10 -04:00
Jordan Liggitt
b45b809f4c
PodSecurityPolicy: Do not mutate nil privileged field to false
2017-10-16 02:21:10 -04:00
Slava Semushin
9015a82692
PodSecurityPolicy.allowedCapabilities: add support for using * to allow to request any capabilities.
Also modify "privileged" PSP to use it and allow privileged users to use
any capabilities.
2017-09-06 12:18:09 +02:00
mbohlool
c91a12d205
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 04:09:07 -07:00
p0lyn0mial
d0e89577db
Simply changed the names of packages of some admission plugins.
2017-06-05 22:23:42 +02:00
Jamie Hannaford
9440a68744
Use dedicated Unix User and Group ID types
2017-05-05 14:07:38 +02:00
Chao Xu
08aa712a6c
move helpers.go to helper
2017-04-11 15:49:11 -07:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint
2017-03-31 13:28:59 -04:00
Jordan Liggitt
829e6f6cfb
Include pod namespace in PSP 'use' authorization check
2017-03-24 15:14:52 -04:00
Jordan Liggitt
dd7561801a
Authorize PSP usage for pods without service accounts
2017-03-21 19:54:39 -04:00