kubernetes/v3 at 552fd7e85084b4cbd3ae8e81ff13433e28dc8327 - kubernetes - Gitea: Git with a cup of tea

github/kubernetes

Files

History

Shingo Omura 552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842 )

* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity

2024-05-29 15:40:29 -07:00

..

.well-known__openid-configuration_openapi.json

generated: Update OpenAPI

2022-03-29 17:49:56 -07:00

api__v1_openapi.json

KEP-3619: Fine-grained SupplementalGroups control (#117842 )

2024-05-29 15:40:29 -07:00

api_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__admissionregistration.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__admissionregistration.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__admissionregistration.k8s.io__v1beta1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__admissionregistration.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__apiextensions.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__apiextensions.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__apiregistration.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__apiregistration.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__apps__v1_openapi.json

KEP-3619: Fine-grained SupplementalGroups control (#117842 )

2024-05-29 15:40:29 -07:00

apis__apps_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__authentication.k8s.io__v1_openapi.json

Fix list_type_missing in api/authentication

2023-11-27 12:06:25 -08:00

apis__authentication.k8s.io__v1alpha1_openapi.json

Fix list_type_missing in api/authentication

2023-11-27 12:06:25 -08:00

apis__authentication.k8s.io__v1beta1_openapi.json

Fix list_type_missing in api/authentication

2023-11-27 12:06:25 -08:00

apis__authentication.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__authorization.k8s.io__v1_openapi.json

Fix list_type_missing in api/authorization

2023-11-27 12:06:26 -08:00

apis__authorization.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__autoscaling__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__autoscaling__v2_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__autoscaling_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__batch__v1_openapi.json

KEP-3619: Fine-grained SupplementalGroups control (#117842 )

2024-05-29 15:40:29 -07:00

apis__batch_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__certificates.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__certificates.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__certificates.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__coordination.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__coordination.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__discovery.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__discovery.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__events.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__events.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__flowcontrol.apiserver.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__flowcontrol.apiserver.k8s.io__v1beta3_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__flowcontrol.apiserver.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__internal.apiserver.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__internal.apiserver.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__networking.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__networking.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__networking.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__node.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__node.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__policy__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__policy_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__rbac.authorization.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__rbac.authorization.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__resource.k8s.io__v1alpha2_openapi.json

DRA: sync internal API doc comments

2024-04-22 14:18:45 +02:00

apis__resource.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__scheduling.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__scheduling.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__storage.k8s.io__v1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__storage.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__storage.k8s.io_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

apis__storagemigration.k8s.io__v1alpha1_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis__storagemigration.k8s.io_openapi.json

feat: implements Storage Version Migration API in-tree

2024-03-08 04:18:56 +00:00

apis_openapi.json

Fix "list_type_missing" API violations in meta/v1

2023-11-27 12:05:52 -08:00

logs_openapi.json

generated: Update OpenAPI

2022-03-29 17:49:56 -07:00

openid__v1__jwks_openapi.json

generated: Update OpenAPI

2022-03-29 17:49:56 -07:00

version_openapi.json

generated: Update OpenAPI

2022-03-29 17:49:56 -07:00