Patrick Ohly
bde9b64cdf
DRA: remove "source" indirection from v1 Pod API
...
This makes the API nicer:
    resourceClaims:
    - name: with-template
      resourceClaimTemplateName: test-inline-claim-template
    - name: with-claim
      resourceClaimName: test-shared-claim
Previously, this was:
    resourceClaims:
    - name: with-template
      source:
        resourceClaimTemplateName: test-inline-claim-template
    - name: with-claim
      source:
        resourceClaimName: test-shared-claim
A more long-term benefit is that other, future alternatives
might not make sense under the "source" umbrella.
This is a breaking change. It's justified because DRA is still
alpha and will have several other API breaks in 1.31.
2024-06-27 17:53:24 +02:00
Jordan Liggitt
c50f68d6ee
Fix structured authorization webhook timeout wiring
2024-06-19 15:36:36 -04:00
Dr. Stefan Schimanski
e37917fea7
pkg/controlplane: split up config into generic controlplane and kube-related part
...
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-04-26 14:14:06 +02:00
Marek Siarkowicz
3ee8178768
Cleanup defer from SetFeatureGateDuringTest function call
2024-04-24 20:25:29 +02:00
Jordan Liggitt
02139c9102
Deflake authz config reload test
2024-03-29 10:18:45 -04:00
Peter Hunt
49ee96eed4
pod security test: add user namespaces feature
...
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2024-03-07 15:56:06 -05:00
Kubernetes Prow Robot
46a2137c1b
Merge pull request #123639 from liggitt/authz-metrics
...
Add authorization webhook duration/count/failopen metrics
2024-03-04 14:09:30 -08:00
Jordan Liggitt
79b344d85e
Add authorization webhook duration/count/failopen metrics
2024-03-04 14:01:15 -05:00
Jordan Liggitt
0605a75c5e
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1
2024-03-02 02:00:31 -05:00
Kubernetes Prow Robot
8845c4c657
Merge pull request #123135 from munnerz/4193-beta-promotion
...
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
2024-03-01 19:48:18 -08:00
Rita Zhang
e76fce7566
add authz webhook matchcondition metrics
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-03-01 14:41:27 -08:00
Kubernetes Prow Robot
df366107d1
Merge pull request #123529 from thockin/go-workspaces
...
Go workspaces for k/k and k/staging/*
2024-03-01 08:43:03 -08:00
Patrick Ohly
1d653e6185
test: use cancelation from ktesting
...
The return type of ktesting.NewTestContext is now a TContext. Code
which combined it WithCancel often didn't compile anymore (cannot overwrite
ktesting.TContext with context.Context). This is a good thing because all of
that code can be simplified to let ktesting handle the cancelation.
2024-03-01 07:51:22 +01:00
Tim Hockin
10c32b3e2f
Get rid of most references to GOPATH
2024-02-29 22:06:51 -08:00
Jordan Liggitt
d5d3eddb95
Add allowed/denied metrics for authorizers
2024-02-16 08:20:59 -05:00
Jordan Liggitt
5dc92ada06
Implement authz config file reloading
2024-02-14 18:09:15 -05:00
James Munnelly
105ec3d48f
fix linter failures
2024-02-07 12:57:05 +00:00
James Munnelly
852c03a49b
check key is set before deleting from map
2024-02-07 12:31:42 +00:00
James Munnelly
4d8c3530f5
fix regular bound service account token test
2024-02-07 12:30:33 +00:00
James Munnelly
dfc20d19c8
fix integration tests now JTI feature is enabled by default
2024-02-05 18:11:50 +00:00
carlory
57a5db8da3
remove feature-gate APISelfSubjectReview
2023-11-24 16:59:21 +08:00
Jordan Liggitt
b53134f129
Test anonymous and RBAC handling via config file
2023-11-08 14:36:05 -06:00
Jordan Liggitt
0112d91a05
Add multi-webhook integration test
2023-11-02 19:21:06 -04:00
James Munnelly
76463e21d4
KEP-4193: bound service account token improvements
2023-10-30 21:15:10 +00:00
Jordan Liggitt
a50d83c669
Add basic authz config integration test
2023-10-18 11:58:48 +05:30
Patrick Ohly
2472291790
api: introduce separate VolumeResourceRequirements struct
...
PVC and containers shared the same ResourceRequirements struct to define their
API. When resource claims were added, that struct got extended, which
accidentally also changed the PVC API. To avoid such a mistake from happening
again, PVC now uses its own VolumeResourceRequirements struct.
The `Claims` field gets removed because risk of breaking someone is low:
theoretically, YAML files which have a claims field for volumes now
get rejected when validating against the OpenAPI. Such files
have never made sense and should be fixed.
Code that uses the struct definitions needs to be updated.
2023-08-21 15:31:28 +02:00
Jordan Liggitt
39207dada2
Add integration test for node authorizer claim references
2023-07-13 20:42:21 +02:00
HirazawaUi
5289a7b029
fix fd leaks and failed file removing for test directory
2023-05-09 09:22:31 -05:00
Kante Yin
a7035f5459
Pass Context to StartTestServer
...
Signed-off-by: Kante Yin <kerthcet@gmail.com>
2023-05-04 10:25:09 +08:00
m.nabokikh
40de26dcff
KEP-3325: Promote SelfSubjectReview to GA
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-02 14:50:40 +02:00
Patrick Ohly
a2fb32870f
test/integration/auth: fix data race
...
"username" gets read by one goroutine and written by another. Therefore it must
be protected by a mutex to avoid triggering the race detector.
2023-04-05 16:11:38 +02:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274)
...
* Promote SelfSubjectReview to Beta
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Fix whoami API
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Fixes according to code review
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
---------
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-08 15:42:33 -08:00
Max Goltzsche
df8fa2eab5
bump go-jose to v2.6.0
...
Update go-jose from v2.2.2 to v2.6.0.
This is to make the kubernetes code compatible with newer go-jose versions that have a small breaking change (`jwt.NewNumericDate()` returns a pointer).
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
2023-03-02 02:53:17 +01:00
Alexander Zielenski
9ef1fc543f
skip special features in TestPodSecurityGAOnly
...
was causing some alpha/beta features to be disabled after running sometimes
2023-02-28 13:21:35 -08:00
TommyStarK
9e885bce35
test/integration: Replace deprecated pointer function
...
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2023-01-05 18:38:40 +01:00
Mengjiao Liu
a3d00c15b6
Remove ExpandPersistentVolumes feature gate
2022-12-15 11:43:50 +08:00
Mark Rossetti
498d065cc5
Promoting WindowsHostProcessContainers to stable
...
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-11-01 14:06:25 -07:00
Kubernetes Prow Robot
525280d285
Merge pull request #112643 from SergeyKanzhelev/removeDynamicKubeletConfig
...
remove DynamicKubeletConfig feature gate from the code
2022-10-12 01:33:00 -07:00
Wojciech Tyczyński
57c95fbfa1
Lock ServerSideApply feature to true
2022-09-27 13:48:28 +02:00
Sergey Kanzhelev
39e49a91d7
remove DynamicKubeletConfig feature gate from the code
2022-09-23 23:14:19 +00:00
Jordan Liggitt
e5c4c9b2c0
Make auth integration tests coexist with default API server config
2022-09-21 12:42:49 -04:00
m.nabokikh
00dfba473b
Add auth API to get self subject attributes
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-09-14 18:00:26 +02:00
Wojciech Tyczyński
ab1038f0e0
Clean shutdown of auth integration tests
2022-07-19 11:34:02 +02:00
Wojciech Tyczyński
690d2f0101
Clean(er) shutdown of auth integration tests
2022-07-14 11:25:57 +02:00
Kubernetes Prow Robot
4b024fc4ee
Merge pull request #110459 from wangyysde/promote-pod-security-to-ga
...
PodSecurity: promote config and feature gate to GA
2022-06-15 14:41:22 -07:00
wangyysde
ab66a38194
PodSecurity: promote config and feature gate to GA
...
Signed-off-by: wangyysde <net_use@bzhy.com>
2022-06-15 09:29:47 +08:00
Wojciech Tyczyński
ed442cc3dd
Clean(er) shutdown of auth integration tests
2022-06-14 13:55:31 +02:00
Wojciech Tyczyński
8ef7dd49ee
Clean shutdown of auth integration tests
2022-06-10 19:46:50 +02:00
Wojciech Tyczyński
6f706775bc
Clean shutdown of test apiserver
2022-05-26 10:42:48 +02:00
Wojciech Tyczyński
deef9e40de
Simplify Create/Delete-TestingNamespace functions
2022-05-15 23:06:26 +02:00