github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,667 Commits 1 Branch 31 Tags 1,019 MiB
bc7aa13bf7
Commit Graph

31 Commits

Author SHA1 Message Date
Jordan Liggitt
5dc92ada06
Implement authz config file reloading 2024-02-14 18:09:15 -05:00
Jordan Liggitt
5f4cb8b09a
Move kube-apiserver authz validation functions 2024-02-14 10:00:11 -05:00
Jordan Liggitt
1f40e0916e
Only default mode to AlwaysAllow when config file is unspecified 2023-11-08 11:24:28 -06:00
Nabarun Pal
22e5a806a7
Add --authorization-config flag to apiserver 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-10-18 11:58:47 +05:30
Kubernetes Prow Robot
d22e315c4a
Merge pull request #120910 from palnabarun/3221/fix-kubeconfig-file-type-name 
staging/apiserver: correct KubeConfig type name in authorization types
 2023-10-17 18:50:33 +02:00
Nabarun Pal
2bf2c4f3a4
staging/apiserver: correct KubeConfigFile type in authorization types 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-10-17 20:01:27 +05:30
Nabarun Pal
3de0d9afbb
pkg/kubeapiserver: pass authorizer in top level while building from legacy options 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-10-04 14:17:16 +05:30
Dr. Stefan Schimanski
6395049176
controlplane: make option structs uniformly optional 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2023-09-27 11:22:37 +02:00
Nabarun Pal
108d195595
use AuthorizationConfiguration in kube-apiserver for storing authorizer config 
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
 2023-09-18 11:33:18 +05:30
BinacsLee
80b43075c9 cleanup: use sets.Len() insead of len(sets.List()) 2022-07-21 20:13:30 +08:00
xiongzhongliang
4a24a08f93 Optimize some codes 2021-03-05 18:23:39 +08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
yiduyangyi
e6c4633232 fix golint failures in pkg/kubeapiserver/options, fix some incorrect replace of receiver name 2020-07-23 19:02:07 +08:00
yiduyangyi
0520d75838 fix golint failures in pkg/kubeapiserver/options, rename receiver name of BuiltInAuthorizationOptions to o 2020-07-23 18:52:15 +08:00
yiduyangyi
e441c07fe2 fix golint failures in pkg/kubeapiserver/options, use API Server in commemts instead of APIServer 2020-07-23 18:41:37 +08:00
yiduyangyi
e2838df7c7 fix golint failures in pkg/kubeapiserver/options 2020-07-15 16:03:08 +08:00
Jordan Liggitt
dc0e51dd18 Plumb authorization webhook version from CLI to config 2019-11-18 23:58:05 -08:00
Jordan Liggitt
d54a70db5c Switch kubelet/aggregated API servers to use v1 subjectaccessreviews 2019-11-11 17:19:11 -05:00
mengyang02
da072063d1 to use existing validating function 2019-09-24 20:16:17 +08:00
lovejoy
d437305cbf
Fix the authorization-policy-file description 
Actually this is in a format like below not a csv format
```json
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "*","apiGroup": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "ingresses","apiGroup": "extensions"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:authenticated",  "namespace": "*", "resource": "*","apiGroup": "apiextensions.k8s.io"}}
```
 2018-12-24 14:54:34 +08:00
walter
2af982abb9 Fixes lint errors in kubeapiserver packages 
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
 2018-11-04 17:22:41 -08:00
Christoph Blecker
97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
yue9944882
f624a4efb8 externalize node admission 
fixes internal pod annotation reference

completely strip internal informers from authz initialization
 2018-08-21 23:33:03 +08:00
hzxuzhonghu
755df0461d validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-26 20:37:02 +08:00
junxu
8461d5f8d9 Remove deprecated paramter "authorization-rbac-super-user" 2018-03-15 02:22:55 -04:00
Jordan Liggitt
ba09fadecf
Plumb versioned informers to authz config 2018-01-16 23:30:53 -05:00
xiangpengzhao
420caf200c
Delete "hard-coded" default value in flags usage. 2017-04-07 11:21:37 +08:00
Jordan Liggitt
890894ac4f
Disable RBAC post-start hook if not using the RBAC authorizer 2017-03-30 23:30:04 -04:00
Andy Goldstein
022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Lucas Käldström
ab344da565
Move the authorization mode constants into a separate package 2017-02-23 15:27:16 +02:00
deads2k
a3564c0aa8 start kubeapiserver package for sharing between kubeapiserver and federation 2016-12-22 07:43:42 -05:00