github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
9ec88d0d45a7273bfbac70ad51279112eeeda00a
kubernetes/api/openapi-spec
History
Kubernetes Submit Queue 7d5dc528a0 Merge pull request #54013 from vladimirvivien/scaleio-secret-multi-tenancy 
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

ScaleIO - Ability to specify Secret's name and namespace 

**What this PR does / why we need it**:
This PR is to decouple the ScaleIO secret from the same namespace as that of the StorageClass/PVC/PV that uses it (#53619). Currently, authorized non-admin k8s user, who creates volumes, may end up having unauthorized access to ScaleIO secret information.  This PR introduces secret parameter that allows specification of secret's namespace.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53619 

**Release note**:
```release-note
ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the `secretNamespace` storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value `default`
```
2017-10-26 13:24:34 -07:00
..
BUILD
Enable auto-generating sources rules
2017-01-05 14:14:13 -08:00
README.md
update readme about strategic-merge-patch
2017-10-19 23:59:07 +08:00
swagger.json
Merge pull request #54013 from vladimirvivien/scaleio-secret-multi-tenancy
2017-10-26 13:24:34 -07:00

README.md

Kubernetes's OpenAPI Specification

This folder contains an [OpenAPI specification][openapi] for Kubernetes API.

Vendor Extensions

Kuberntes extends OpenAPI using these extensions. Note the version that extensions has been added.

x-kubernetes-group-version-kind

Operations and Definitions may have x-kubernetes-group-version-kind if they are associated with a kubernetes resource.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
        ...
            "x-kubernetes-group-version-kind": {
            "group": "",
            "version": "v1",
            "kind": "Pod"
            }
        }
    }
}

x-kubernetes-action

Operations and Definitions may have x-kubernetes-action if they are associated with a kubernetes resource. Action can be one of get, list, put, patch, post, delete, deletecollection, watch, watchlist, proxy, or connect.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
        ...
            "x-kubernetes-action": "list"
        }
    }
}

x-kubernetes-patch-strategy and x-kubernetes-patch-merge-key

Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see [strategic-merge-patch] (https://github.com/kubernetes/community/blob/master/contributors/devel/strategic-merge-patch.md).

Reference in New Issue View Git Blame Copy Permalink