Commit Graph

272 Commits

Author SHA1 Message Date
Jordan Liggitt
02139c9102
Deflake authz config reload test 2024-03-29 10:18:45 -04:00
Peter Hunt
49ee96eed4 pod security test: add user namespaces feature
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2024-03-07 15:56:06 -05:00
Kubernetes Prow Robot
46a2137c1b
Merge pull request #123639 from liggitt/authz-metrics
Add authorization webhook duration/count/failopen metrics
2024-03-04 14:09:30 -08:00
Jordan Liggitt
79b344d85e
Add authorization webhook duration/count/failopen metrics 2024-03-04 14:01:15 -05:00
Jordan Liggitt
0605a75c5e
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1 2024-03-02 02:00:31 -05:00
Kubernetes Prow Robot
8845c4c657
Merge pull request #123135 from munnerz/4193-beta-promotion
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
2024-03-01 19:48:18 -08:00
Rita Zhang
e76fce7566
add authz webhook matchcondition metrics
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-03-01 14:41:27 -08:00
Kubernetes Prow Robot
df366107d1
Merge pull request #123529 from thockin/go-workspaces
Go workspaces for k/k and k/staging/*
2024-03-01 08:43:03 -08:00
Patrick Ohly
1d653e6185 test: use cancelation from ktesting
The return type of ktesting.NewTestContext is now a TContext. Code
which combined it WithCancel often didn't compile anymore (cannot overwrite
ktesting.TContext with context.Context). This is a good thing because all of
that code can be simplified to let ktesting handle the cancelation.
2024-03-01 07:51:22 +01:00
Tim Hockin
10c32b3e2f
Get rid of most references to GOPATH 2024-02-29 22:06:51 -08:00
Jordan Liggitt
d5d3eddb95
Add allowed/denied metrics for authorizers 2024-02-16 08:20:59 -05:00
Jordan Liggitt
5dc92ada06
Implement authz config file reloading 2024-02-14 18:09:15 -05:00
James Munnelly
105ec3d48f fix linter failures 2024-02-07 12:57:05 +00:00
James Munnelly
852c03a49b check key is set before deleting from map 2024-02-07 12:31:42 +00:00
James Munnelly
4d8c3530f5 fix regular bound service account token test 2024-02-07 12:30:33 +00:00
James Munnelly
dfc20d19c8 fix integration tests now JTI feature is enabled by default 2024-02-05 18:11:50 +00:00
carlory
57a5db8da3 remove feature-gate APISelfSubjectReview 2023-11-24 16:59:21 +08:00
Jordan Liggitt
b53134f129
Test anonymous and RBAC handling via config file 2023-11-08 14:36:05 -06:00
Jordan Liggitt
0112d91a05
Add multi-webhook integration test 2023-11-02 19:21:06 -04:00
James Munnelly
76463e21d4 KEP-4193: bound service account token improvements 2023-10-30 21:15:10 +00:00
Jordan Liggitt
a50d83c669
Add basic authz config integration test 2023-10-18 11:58:48 +05:30
Patrick Ohly
2472291790 api: introduce separate VolumeResourceRequirements struct
PVC and containers shared the same ResourceRequirements struct to define their
API. When resource claims were added, that struct got extended, which
accidentally also changed the PVC API. To avoid such a mistake from happening
again, PVC now uses its own VolumeResourceRequirements struct.

The `Claims` field gets removed because risk of breaking someone is low:
theoretically, YAML files which have a claims field for volumes now
get rejected when validating against the OpenAPI. Such files
have never made sense and should be fixed.

Code that uses the struct definitions needs to be updated.
2023-08-21 15:31:28 +02:00
Jordan Liggitt
39207dada2 Add integration test for node authorizer claim references 2023-07-13 20:42:21 +02:00
HirazawaUi
5289a7b029 fix fd leaks and failed file removing for test directory 2023-05-09 09:22:31 -05:00
Kante Yin
a7035f5459 Pass Context to StartTestServer
Signed-off-by: Kante Yin <kerthcet@gmail.com>
2023-05-04 10:25:09 +08:00
m.nabokikh
40de26dcff KEP-3325: Promote SelfSubjectReview to GA
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-02 14:50:40 +02:00
Patrick Ohly
a2fb32870f test/integration/auth: fix data race
"username" gets read by one goroutine and written by another. Therefore it must
be protected by a mutex to avoid triggering the race detector.
2023-04-05 16:11:38 +02:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274)
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-08 15:42:33 -08:00
Max Goltzsche
df8fa2eab5
bump go-jose to v2.6.0
Update go-jose from v2.2.2 to v2.6.0.
This is to make the kubernetes code compatible with newer go-jose versions that have a small breaking change (`jwt.NewNumericDate()` returns a pointer).

Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
2023-03-02 02:53:17 +01:00
Alexander Zielenski
9ef1fc543f skip special features in TestPodSecurityGAOnly
was causing some alpha/beta features to be disabled after running sometimes
2023-02-28 13:21:35 -08:00
TommyStarK
9e885bce35 test/integration: Replace deprecated pointer function
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2023-01-05 18:38:40 +01:00
Mengjiao Liu
a3d00c15b6 Remove ExpandPersistentVolumes feature gate 2022-12-15 11:43:50 +08:00
Mark Rossetti
498d065cc5
Promoting WindowsHostProcessContainers to stable
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-11-01 14:06:25 -07:00
Kubernetes Prow Robot
525280d285
Merge pull request #112643 from SergeyKanzhelev/removeDynamicKubeletConfig
remove DynamicKubeletConfig feature gate from the code
2022-10-12 01:33:00 -07:00
Wojciech Tyczyński
57c95fbfa1 Lock ServerSideApply feature to true 2022-09-27 13:48:28 +02:00
Sergey Kanzhelev
39e49a91d7 remove DynamicKubeletConfig feature gate from the code 2022-09-23 23:14:19 +00:00
Jordan Liggitt
e5c4c9b2c0
Make auth integration tests coexist with default API server config 2022-09-21 12:42:49 -04:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-09-14 18:00:26 +02:00
Wojciech Tyczyński
ab1038f0e0 Clean shutdown of auth integration tests 2022-07-19 11:34:02 +02:00
Wojciech Tyczyński
690d2f0101 Clean(er) shutdown of auth integration tests 2022-07-14 11:25:57 +02:00
Kubernetes Prow Robot
4b024fc4ee
Merge pull request #110459 from wangyysde/promote-pod-security-to-ga
PodSecurity: promote config and feature gate to GA
2022-06-15 14:41:22 -07:00
wangyysde
ab66a38194 PodSecurity: promote config and feature gate to GA
Signed-off-by: wangyysde <net_use@bzhy.com>
2022-06-15 09:29:47 +08:00
Wojciech Tyczyński
ed442cc3dd Clean(er) shutdown of auth integration tests 2022-06-14 13:55:31 +02:00
Wojciech Tyczyński
8ef7dd49ee Clean shutdown of auth integration tests 2022-06-10 19:46:50 +02:00
Wojciech Tyczyński
6f706775bc Clean shutdown of test apiserver 2022-05-26 10:42:48 +02:00
Wojciech Tyczyński
deef9e40de Simplify Create/Delete-TestingNamespace functions 2022-05-15 23:06:26 +02:00
Wojciech Tyczyński
04b77f02ee Minor cleanup to use t.Run() in test/integration 2022-05-02 21:13:32 +02:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Monis Khan
fef7d0ef1e
webhook: use rest.Config instead of kubeconfig file as input
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-17 20:47:42 -04:00
Jordan Liggitt
92422a7305 set/validate object namespace before admission 2022-02-23 11:12:27 -05:00