50 Commits

Author SHA1 Message Date
m.nabokikh
ea32811cbd Fix service account names with a dot
This fix provides the ability to mount service account tokens to pods. The core problem is the volumeName option can't contain any dots.
2020-03-31 21:42:04 +04:00
Jordan Liggitt
39e373fc45 Do not require token secrets when using bound service account tokens 2020-01-09 13:20:45 -05:00
David Eads
83f6f2717e remove global variable dep in admission 2019-11-12 10:55:14 -05:00
Jordan Liggitt
61774cd717 Plumb context to admission Admit/Validate 2019-08-20 11:11:00 -04:00
Kubernetes Prow Robot
b8eecd671d Merge pull request #69941 from miguelbernadi/fix-golint-issues-68026
Fix golint issues in plugin/pkg/admission
2019-05-30 08:38:26 -07:00
Joe Betz
cc2e3616f0 Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent 2019-05-28 15:10:22 -07:00
Miguel Bernabeu
f47da8a75d Fix golint violations in several plugins 2019-05-23 20:00:06 +02:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Mehdy Bohlool
d08bc3774d Mechanical changes due to signature change for Admit and Validate functions 2019-02-16 13:28:47 -08:00
Jordan Liggitt
17aa60686e Deprecate and remove use of alpha metadata.initializers field, remove IncludeUninitialized options 2019-01-23 16:34:43 -05:00
Mike Danese
1244ee6651 migrate service account volume to a projected volume
When BoundServiceAccountTokenVolume feature is enabled.
2018-11-16 19:32:44 +00:00
yue9944882
17306b540b externalize serviceaccount admission controller
remove unused internal serviceaccount util
2018-08-22 11:41:54 +08:00
jennybuckley
adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Mike Danese
91feb345aa implement service account token projection 2018-06-04 17:22:08 -07:00
Joe Betz
9d13d1baec Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 2017-11-14 10:46:43 -08:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Chao Xu
bf6155b08c make admission plugins handle mutating spec of uninitialized pods 2017-08-17 12:51:09 -07:00
Andy Goldstein
9f95cf7b4f serviceaccount admission: return correct tokens
Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
2017-04-05 12:59:04 -04:00
deads2k
d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Andy Goldstein
022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Eric Chiang
2bdaac5594 plugin/pkg/admission/serviceaccount: prefer first referenced secret
When a pod uses a service account that references multiple secrets,
prefer the secrets in the order they're listed.

Without this change, the added test fails:

    --- FAIL: TestMultipleReferencedSecrets (0.00s)
            admission_test.go:832: expected first referenced secret to be mounted, got "token2"
2017-01-25 10:42:39 -08:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7 refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k
77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jordan Liggitt
29252acd1a Change rest storage Update interface to retrieve updated object
Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing
2016-05-23 21:09:26 -04:00
k8s-merge-robot
009ae748a5 Merge pull request #25830 from smarterclayton/init_container_psp
Automatic merge from submit-queue

Add init containers to PSP admission

Treat them just like regular containers.

@pweil-
2016-05-21 16:01:13 -07:00
Clayton Coleman
88b39cadf8 Have the service account controller force retry
Service account controller, when API token not found, now sends 500 with
Retry-After: 1s. Also change the apiserver to actually write the error.
2016-05-19 09:08:57 -04:00
Clayton Coleman
588f15844b Add init container support to other admission controllers 2016-05-18 22:32:25 -04:00
deads2k
0061479890 fully qualify admission resources and kinds 2016-04-26 07:55:33 -04:00
deads2k
9d22f8b5a7 prevent disallowed secret refs from leaking via the downward API 2016-03-11 13:27:50 -05:00
Chao Xu
ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu
cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
deads2k
3f045cf168 update admission for API groups 2015-12-07 08:55:01 -05:00
deads2k
7ae4d4f424 allow enforcing SA mountable secrets per SA 2015-12-03 13:53:01 -05:00
Yu-Ju Hong
098ab05997 kubelet: move common types to kubelet/types
This would facilitate tasks such as moving code in pkg/kubelet to sub packages.
2015-10-08 14:38:01 -07:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt
ecebac9395 Add option to require API tokens to exist in admission 2015-06-30 16:12:45 -04:00
derekwaynecarr
f6fb72ec51 Admission control attributes has access to resource name 2015-06-23 13:54:55 -04:00
Jeff Lowdermilk
0c7fbacfb1 Merge pull request #10052 from derekwaynecarr/admission_subresources
Admission control exposes subresource
2015-06-22 13:11:58 -07:00
Jordan Liggitt
68a8a25494 Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1 2015-06-18 22:38:00 -04:00
derekwaynecarr
fce7adf3e7 Admission control exposes subresource 2015-06-18 15:00:46 -04:00
deads2k
590bd048a5 add pull secrets to service accounts 2015-05-22 14:05:19 -04:00
Cesar Wong
68ad63b5e2 Add operation checking to admission control handlers
Adds a new method to the handler interface that returns true only if the
admission control handler handles that operation.
2015-05-21 13:51:43 -04:00
Paul Weil
aaeb1dad93 expose user info to admission controllers 2015-05-13 21:31:51 -04:00
Jordan Liggitt
7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00