github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
54,653 Commits 1 Branch 31 Tags 1,019 MiB
d698404adc
Commit Graph

33 Commits

Author SHA1 Message Date
Chao Xu
bf6155b08c make admission plugins handle mutating spec of uninitialized pods 2017-08-17 12:51:09 -07:00
Andy Goldstein
9f95cf7b4f serviceaccount admission: return correct tokens 
Fix a bug in serviceaccount admission introduced when we switched
everything to use shared informers. That change accidentally reused the
list of secrets instead of creating a new one, resulting in all secrets
in the namespace being returned as possible service account tokens,
instead of limiting it only to the actual service account tokens, as it
did before the shared informer conversion. This also adds a unit test to
ensure there is no future regression here.
 2017-04-05 12:59:04 -04:00
deads2k
d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Andy Goldstein
022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
Eric Chiang
2bdaac5594 plugin/pkg/admission/serviceaccount: prefer first referenced secret 
When a pod uses a service account that references multiple secrets,
prefer the secrets in the order they're listed.

Without this change, the added test fails:

    --- FAIL: TestMultipleReferencedSecrets (0.00s)
            admission_test.go:832: expected first referenced secret to be mounted, got "token2"
 2017-01-25 10:42:39 -08:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k
77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jordan Liggitt
29252acd1a Change rest storage Update interface to retrieve updated object 
Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing
 2016-05-23 21:09:26 -04:00
k8s-merge-robot
009ae748a5 Merge pull request #25830 from smarterclayton/init_container_psp 
Automatic merge from submit-queue

Add init containers to PSP admission

Treat them just like regular containers.

@pweil-
 2016-05-21 16:01:13 -07:00
Clayton Coleman
88b39cadf8
Have the service account controller force retry 
Service account controller, when API token not found, now sends 500 with
Retry-After: 1s. Also change the apiserver to actually write the error.
 2016-05-19 09:08:57 -04:00
Clayton Coleman
588f15844b
Add init container support to other admission controllers 2016-05-18 22:32:25 -04:00
deads2k
0061479890 fully qualify admission resources and kinds 2016-04-26 07:55:33 -04:00
deads2k
9d22f8b5a7 prevent disallowed secret refs from leaking via the downward API 2016-03-11 13:27:50 -05:00
Chao Xu
ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu
cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
deads2k
3f045cf168 udpate admission for API groups 2015-12-07 08:55:01 -05:00
deads2k
7ae4d4f424 allow enforcing SA mountable secrets per SA 2015-12-03 13:53:01 -05:00
Yu-Ju Hong
098ab05997 kubelet: move common types to kubelet/types 
This would faciliate tasks such as moving code in pkg/kubelet to sub packages.
 2015-10-08 14:38:01 -07:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt
ecebac9395 Add option to require API tokens to exist in admission 2015-06-30 16:12:45 -04:00
derekwaynecarr
f6fb72ec51 Admission control attributes has access to resource name 2015-06-23 13:54:55 -04:00
Jeff Lowdermilk
0c7fbacfb1 Merge pull request #10052 from derekwaynecarr/admission_subresources 
Admission control exposes subresource
 2015-06-22 13:11:58 -07:00
Jordan Liggitt
68a8a25494 Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1 2015-06-18 22:38:00 -04:00
derekwaynecarr
fce7adf3e7 Admission control exposes subresource 2015-06-18 15:00:46 -04:00
deads2k
590bd048a5 add pull secrets to service accounts 2015-05-22 14:05:19 -04:00
Cesar Wong
68ad63b5e2 Add operation checking to admission control handlers 
Adds a new method to the handler interface that returns true only if the
admission control handler handles that operation.
 2015-05-21 13:51:43 -04:00
Paul Weil
aaeb1dad93 expose user info to admission controllers 2015-05-13 21:31:51 -04:00
Jordan Liggitt
7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00