github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93,054 Commits 1 Branch 31 Tags 1,019 MiB
479249b3a3
Commit Graph

116 Commits

Author SHA1 Message Date
Jordan Liggitt
0d6e877de2
Add automountServiceAccountToken field to PodSpec and ServiceAccount types 2017-02-15 16:04:09 -05:00
Kubernetes Submit Queue
e9819106e0 Merge pull request #40467 from liggitt/serviceaccount-owners 
Automatic merge from submit-queue

Add serviceaccount owners files

Poor @derekwaynecarr is the sole approver/reviewer for the entire admission package.

This adds OWNERS files for service account controller and admission packages
 2017-01-25 15:07:59 -08:00
Jordan Liggitt
ecb632abc4
Add serviceaccount owners files 2017-01-25 15:42:15 -05:00
Eric Chiang
2bdaac5594 plugin/pkg/admission/serviceaccount: prefer first referenced secret 
When a pod uses a service account that references multiple secrets,
prefer the secrets in the order they're listed.

Without this change, the added test fails:

    --- FAIL: TestMultipleReferencedSecrets (0.00s)
            admission_test.go:832: expected first referenced secret to be mounted, got "token2"
 2017-01-25 10:42:39 -08:00
deads2k
b0b156b381 make tools/cache authoritative 2017-01-25 08:29:45 -05:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k
11e8068d3f move pkg/fields to apimachinery 2017-01-19 09:50:16 -05:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k
a3e71b2cef move name generation to generic api server storage helpers 2017-01-16 16:04:04 -05:00
deads2k
77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Wojciech Tyczynski
aa7da5231f Update bazel files 2016-12-09 09:42:02 +01:00
Wojciech Tyczynski
e8d1cba875 GetOptions in client calls 2016-12-09 09:42:01 +01:00
Clayton Coleman
35a6bfbcee
generated: refactor 2016-11-23 22:30:47 -06:00
Chao Xu
bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu
1044aa4500 plugin/admission; including resourcequota admission 2016-11-23 15:53:09 -08:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
derekwaynecarr
a672a986e3 Admission control errors should have consistent lower casing 2016-08-08 10:31:23 -04:00
Davanum Srinivas
2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jordan Liggitt
29252acd1a Change rest storage Update interface to retrieve updated object 
Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing
 2016-05-23 21:09:26 -04:00
k8s-merge-robot
009ae748a5 Merge pull request #25830 from smarterclayton/init_container_psp 
Automatic merge from submit-queue

Add init containers to PSP admission

Treat them just like regular containers.

@pweil-
 2016-05-21 16:01:13 -07:00
Clayton Coleman
88b39cadf8
Have the service account controller force retry 
Service account controller, when API token not found, now sends 500 with
Retry-After: 1s. Also change the apiserver to actually write the error.
 2016-05-19 09:08:57 -04:00
Clayton Coleman
588f15844b
Add init container support to other admission controllers 2016-05-18 22:32:25 -04:00
deads2k
0061479890 fully qualify admission resources and kinds 2016-04-26 07:55:33 -04:00
deads2k
9d22f8b5a7 prevent disallowed secret refs from leaking via the downward API 2016-03-11 13:27:50 -05:00
Kris
e664ef922f Move restclient to its own package 2016-02-29 12:05:13 -08:00
Chao Xu
ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu
184440f8ef rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00
Chao Xu
1b047f8e67 rename legacy to core 2016-02-04 14:26:56 -08:00
Chao Xu
f9f5736b01 grep sed 2016-02-03 13:06:07 -08:00
Chao Xu
cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
Clayton Coleman
9dad7e624c Split the serviceaccount package into two parts 
Public utility methods and JWT parsing, and controller specific logic.
Also remove the coupling between ServiceAccountTokenGetter and the
authenticator class.
 2015-12-26 21:28:12 -05:00
Wojciech Tyczynski
960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Wojciech Tyczynski
a915b8b29a Merge pull request #18080 from wojtek-t/list_options_in_listwatch 
Pass ListOptions to List in ListWatch.
 2015-12-09 14:27:51 +01:00
deads2k
3f045cf168 udpate admission for API groups 2015-12-07 08:55:01 -05:00
Wojciech Tyczynski
b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
deads2k
7ae4d4f424 allow enforcing SA mountable secrets per SA 2015-12-03 13:53:01 -05:00
Wojciech Tyczynski
6dcb689d4e Simplify List() signature in clients. 2015-12-03 09:54:07 +01:00
k8s-merge-robot
8a8639d7af Merge pull request #17863 from wojtek-t/only_list_options_in_watch 
Auto commit by PR queue bot
 2015-12-02 06:28:28 -08:00
Wojciech Tyczynski
8343c8ce6c Pass ListOptions to List() methods. 2015-12-01 15:00:36 +01:00
Wojciech Tyczynski
d2dfc912e6 Simplify Watch() signature in clients. 2015-12-01 14:19:26 +01:00
Wojciech Tyczynski
b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Wojciech Tyczynski
d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Wojciech Tyczynski
f4d75e0a0a Support timeout in watch requests 2015-10-24 13:12:49 +02:00
Yu-Ju Hong
098ab05997 kubelet: move common types to kubelet/types 
This would faciliate tasks such as moving code in pkg/kubelet to sub packages.
 2015-10-08 14:38:01 -07:00
deads2k
32a495acb6 add helper methods for SA token secret checks 2015-09-17 07:50:09 -04:00
Daniel Smith
b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith
15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
tummychow
78ce5da988 Move util.StringSet into its own package 
A lot of packages use StringSet, but they don't use anything else from
the util package. Moving StringSet into another package will shrink
their dependency trees significantly.
 2015-09-10 12:04:15 -07:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt
ecebac9395 Add option to require API tokens to exist in admission 2015-06-30 16:12:45 -04:00
derekwaynecarr
f6fb72ec51 Admission control attributes has access to resource name 2015-06-23 13:54:55 -04:00
Jeff Lowdermilk
0c7fbacfb1 Merge pull request #10052 from derekwaynecarr/admission_subresources 
Admission control exposes subresource
 2015-06-22 13:11:58 -07:00
Jordan Liggitt
68a8a25494 Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1 2015-06-18 22:38:00 -04:00
derekwaynecarr
fce7adf3e7 Admission control exposes subresource 2015-06-18 15:00:46 -04:00
deads2k
590bd048a5 add pull secrets to service accounts 2015-05-22 14:05:19 -04:00
Cesar Wong
68ad63b5e2 Add operation checking to admission control handlers 
Adds a new method to the handler interface that returns true only if the
admission control handler handles that operation.
 2015-05-21 13:51:43 -04:00
Paul Weil
aaeb1dad93 expose user info to admission controllers 2015-05-13 21:31:51 -04:00
Jordan Liggitt
7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00