kubernetes/api/openapi-spec
Shingo Omura 552fd7e850
KEP-3619: Fine-grained SupplementalGroups control (#117842)
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so as to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS dependent field.

* Make `ContainerStatus.User` the user identity initially attached to the first process in the ContainerStatus

This is because the process identity can be dynamic if the initially attached identity
has enough privilege to call setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
2024-05-29 15:40:29 -07:00
v3 KEP-3619: Fine-grained SupplementalGroups control (#117842) 2024-05-29 15:40:29 -07:00
README.md Fix grammar in K8s OpenAPI spec doc 2022-06-14 21:29:23 -04:00
swagger.json KEP-3619: Fine-grained SupplementalGroups control (#117842) 2024-05-29 15:40:29 -07:00

Kubernetes's OpenAPI Specification

This folder contains an OpenAPI specification for the Kubernetes API.

Vendor Extensions

Kubernetes extends OpenAPI using these extensions. Note the version in which each extension was added.

x-kubernetes-group-version-kind

Operations and Definitions may have x-kubernetes-group-version-kind if they are associated with a Kubernetes resource.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
            ...
            "x-kubernetes-group-version-kind": {
                "group": "",
                "version": "v1",
                "kind": "Pod"
            }
        }
    }
}

x-kubernetes-action

Operations and Definitions may have x-kubernetes-action if they are associated with a Kubernetes resource. Action can be one of get, list, put, patch, post, delete, deletecollection, watch, watchlist, proxy, or connect.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
        ...
            "x-kubernetes-action": "list"
        }
    }
}
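As an added example (not part of the Kubernetes repository), the Python below walks a spec's "paths" object and indexes operations by x-kubernetes-group-version-kind and x-kubernetes-action, which gives a quick inventory of which paths expose a given action such as connect or proxy. The sample spec is constructed for illustration, and the names index_operations and paths_with_action are hypothetical.

```python
from collections import defaultdict

# HTTP methods that can appear as operation keys under an OpenAPI path item.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample input (not copied from swagger.json).
POD = {"group": "", "version": "v1", "kind": "Pod"}
EXEC = {"group": "", "version": "v1", "kind": "PodExecOptions"}
SAMPLE_SPEC = {"paths": {
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        "parameters": [],
        "get": {"x-kubernetes-action": "get", "x-kubernetes-group-version-kind": POD},
        "delete": {"x-kubernetes-action": "delete", "x-kubernetes-group-version-kind": POD},
    },
    "/api/v1/namespaces/{namespace}/pods/{name}/exec": {
        "get": {"x-kubernetes-action": "connect", "x-kubernetes-group-version-kind": EXEC},
    },
    "/version/": {"get": {"operationId": "getCodeVersion"}},
}}

def index_operations(spec):
    """Return ({(group, version, kind): {action: [(method, path)]}}, untagged)."""
    index = defaultdict(lambda: defaultdict(list))
    untagged = []  # operations not associated with a Kubernetes resource
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip "parameters" and other non-operation keys
            gvk = op.get("x-kubernetes-group-version-kind")
            action = op.get("x-kubernetes-action")
            if not gvk or not action:
                untagged.append((method, path))
                continue
            key = (gvk["group"], gvk["version"], gvk["kind"])
            index[key][action].append((method, path))
    return index, untagged

def paths_with_action(index, wanted):
    """List every path that has an operation whose action is in `wanted`."""
    return sorted({path for actions in index.values()
                   for action, ops in actions.items() if action in wanted
                   for _, path in ops})

if __name__ == "__main__":
    idx, missing = index_operations(SAMPLE_SPEC)
    print(paths_with_action(idx, {"connect", "proxy"}), missing)
```

To run it against the real spec, load swagger.json with json.load and pass the result to index_operations.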

x-kubernetes-patch-strategy and x-kubernetes-patch-merge-key

Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see strategic-merge-patch.