github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
939b962975
kubernetes/pkg
History
Kubernetes Submit Queue 3b9eb1a875 Merge pull request #43876 from caesarxuchao/blockOwnerDeletion-admission 
Automatic merge from submit-queue (batch tested with PRs 44440, 44038, 44302, 44316, 43876)

Extend the gc admission plugin to check ownerReference.blockOwnerDeletion

#Extend the gc admission plugin to prevent user who doesn't have delete permission of the *owner* from changing blockOwnerDeletion field of existing ownerReferences, or adding ownerReference with blockOwnerDeletion=true.

The plugin need a RESTMapper to translate ownerRef.Kind to Resource. It should be using a dynamic one. However, as discussed in https://github.com/kubernetes/kubernetes/pull/42615, such a RESTMapper will be built after watchable discovery API is implemented, so in this PR the plugin is using the `api.Registry.RESTMapper()`, which is also [used](https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/app/core.go#L165-L166) by the garbage collector currently.

```release-note
Extending the gc admission plugin so that a user who doesn't have delete permission of the *owner* cannot modify blockOwnerDeletion field of existing ownerReferences, or add new ownerReference with blockOwnerDeletion=true
```

cc @lavalamp
2017-04-13 23:18:06 -07:00
..
api Merge pull request #44302 from caesarxuchao/move-resource_helpers.go 2017-04-13 23:18:03 -07:00
apimachinery/tests make unstructured items correspond to other items for storage 2017-04-11 08:44:16 -04:00
apis Merge pull request #44038 from soltysh/batch_docs 2017-04-13 23:18:01 -07:00
auth Fix abac oplicy example file 2017-02-27 07:24:57 -05:00
bootstrap/api kubeadm: Implement the kubeadm token command fully and move it out of the experimental subsection 2017-02-27 12:56:03 +02:00
capabilities Fix comment for method SetForTests 2017-02-14 17:16:49 +08:00
client Merge pull request #44302 from caesarxuchao/move-resource_helpers.go 2017-04-13 23:18:03 -07:00
cloudprovider Merge pull request #42395 from nicksardo/gce-src-ranges 2017-04-12 19:57:43 -07:00
controller Merge pull request #43939 from FengyunPan/remove-nameIndexFunc 2017-04-13 22:07:07 -07:00
conversion
credentialprovider add vendor dirs for rancher credential provider 2017-03-27 16:44:15 -07:00
features Move taint eviction feature flag to feature-gates 2017-03-08 10:04:18 +01:00
fieldpath Merge pull request #39678 from resouer/extract-resource 2017-04-07 17:44:14 -07:00
fields
generated Generated changes for docs in batch types.go 2017-04-13 14:15:19 +02:00
hyperkube
kubeapiserver Merge pull request #43876 from caesarxuchao/blockOwnerDeletion-admission 2017-04-13 23:18:06 -07:00
kubectl Merge pull request #44299 from caesarxuchao/move-ref.go 2017-04-13 19:52:11 -07:00
kubelet Merge pull request #41543 from dshulyak/decouple_remotecommand 2017-04-13 19:52:05 -07:00
kubemark Use shared informers for proxy endpoints and service configs 2017-04-04 12:51:41 -04:00
labels
master move legacy insecure options out of the main flow 2017-03-27 14:07:54 -04:00
metrics Update to use proxy subresource consistently 2017-02-13 22:05:00 -05:00
printers Merge pull request #44316 from xiangpengzhao/print-node-addr 2017-04-13 23:18:05 -07:00
probe Add support for attacher/detacher interface in Flex volume 2017-02-24 20:18:06 -05:00
proxy move ref.go to its own subpackage 2017-04-13 10:02:43 -07:00
quota move helpers.go to helper 2017-04-11 15:49:11 -07:00
registry Merge pull request #44302 from caesarxuchao/move-resource_helpers.go 2017-04-13 23:18:03 -07:00
routes allow fallthrough handling from go-restful routes 2017-03-21 13:19:28 -04:00
runtime
security move helpers.go to helper 2017-04-11 15:49:11 -07:00
securitycontext securitycontext: move docker-specific logic into kubelet/dockertools 2017-01-27 12:25:46 -08:00
serviceaccount Move Private Key parsing to k8s.io/client-go/util/cert 2017-02-03 17:41:34 -08:00
ssh
types
util Merge pull request #41543 from dshulyak/decouple_remotecommand 2017-04-13 19:52:05 -07:00
version
volume Merge pull request #43866 from kerneltime/patch-1 2017-04-10 13:40:35 -07:00
watch
BUILD Regenerate everything 2017-03-02 08:56:26 +01:00
OWNERS