github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
63,789 Commits 1 Branch 31 Tags 1,019 MiB
76920d88b2
Commit Graph

17 Commits

Author SHA1 Message Date
Michael Taufen
ab8dc12333 node authorizer sets up access rules for dynamic config 
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.

I also added some validation to the node strategy, which I discovered we
were missing while writing this.
 2018-03-27 08:49:45 -07:00
Mike Danese
b43cd7307d noderestriction: restrict nodes TokenRequest permission 
nodes should only be able to create TokenRequests if:
* token is bound to a pod
* binding has uid and name
* the pod exists
* the pod is running on that node
 2018-02-26 13:46:19 -08:00
Dr. Stefan Schimanski
4e0114b0dd apiserver: make SecureServingOptions and authz/n options re-usable 2018-02-13 11:16:38 +01:00
NickrenREN
7b9d2c046f Use v1beta1 VolumeAttachment 2018-01-31 18:46:11 +08:00
Jordan Liggitt
ecfd18e2a6
Add get volumeattachments support to Node authorizer 2018-01-17 00:00:18 -05:00
Jordan Liggitt
ba09fadecf
Plumb versioned informers to authz config 2018-01-16 23:30:53 -05:00
Eric Chiang
ce0a8303d6 integration: add retries to node authorizer tests 2018-01-10 15:55:18 -08:00
Hemant Kumar
1b76b0b2ff Allow node to update PVC's status 
Implement node policy feature gates
Add tests for node policy update
 2017-11-22 14:32:50 -05:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Dr. Stefan Schimanski
7773a30f67 pkg/api/legacyscheme: fixup imports 2017-10-18 17:23:55 +02:00
xilabao
f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Huamin Chen
4525446af2 azure file volume: add secret namespace api 
Signed-off-by: Huamin Chen <hchen@redhat.com>
 2017-08-24 14:49:58 +00:00
Jordan Liggitt
d65610bf2f
Remove default binding of system:node role to system:nodes group 2017-07-26 13:53:14 -04:00
Daniel Fernandes Martins
81ba522bbe Make NodeRestriction admission allow evictions for bounded pods 2017-07-20 14:20:03 -03:00
Eric Chiang
e2f2ab67f2 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
 2017-07-18 16:03:15 -07:00
Jordan Liggitt
fc8e915a4b
Add Node authorization mode based on graph of node-related objects 2017-05-30 16:53:03 -04:00