269 Commits

Author SHA1 Message Date
Anish Ramasekar
b9dd2fdec0 credentialprovider: track service account cred source in ext provider keyring
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-18 16:38:23 -05:00
Anish Ramasekar
d6e85b504d Add kubelet_credential_provider_config_info metric
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-17 20:30:06 -05:00
Kubernetes Prow Robot
394f412767 Merge pull request #132617 from aramase/aramase/f/kep_4412_pod_cache_key_type
Add ServiceAccountTokenCacheType support to credential provider plugin
2025-07-15 10:56:45 -07:00
xiaoweim
740e568468 address review comments 2025-07-14 18:13:00 +00:00
xiaoweim
61542e7a98 Cleanup: Remove field name from invalid field detail message 2025-07-14 18:13:00 +00:00
Anish Ramasekar
7e37711d6e kubelet: Add service account UID to token cache key for proper invalidation
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-10 23:20:27 -05:00
Anish Ramasekar
4d2566eb5a credentialprovider: wire in service account mode cache type
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-10 14:50:54 -05:00
Anish Ramasekar
03db2278d5 kubelet: Add CacheType field to ServiceAccountTokenAttributes with validation
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-10 14:50:51 -05:00
Kubernetes Prow Robot
2a4b5f6476 Merge pull request #132314 from thockin/jp_nicer_api_errors
Nicer value rendering in API errors
2025-07-03 01:33:33 -07:00
xiaoweim
8632257c93 Cleanup: Remove redundant detail messages in field.Required 2025-06-26 21:24:43 +00:00
Tim Hockin
4ca91a0305 WIP: Fix tests
Notes:
* For types that define String() - should we prefer that or JSON?
* metav1.Time has a MarshalJSON() and inherits a String() and they are
  different
* Since validation runs on internal types, we still get some GoNames
  instead of goNames.
2025-06-19 10:11:17 +09:00
Davanum Srinivas
be6807e6a5 Allow specifying a directory for image credential providers json/yaml configuration
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-05-29 09:42:26 -04:00
Kubernetes Prow Robot
fcb2418f7b Merge pull request #128152 from stlaz/ensure-secret-images
Multi-tenancy in accessing node images via Pod API
2025-03-17 07:09:49 -07:00
Kubernetes Prow Robot
687a2f0d87 Merge pull request #130763 from aramase/aramase/t/kep_4412_alpha_plugin_unit_tests
Add unit tests for credential provider in service account mode
2025-03-14 13:39:50 -07:00
Anish Ramasekar
95d411382f Fix comment for GetServiceAccountFunc type
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-03-14 11:21:58 -07:00
Anish Ramasekar
01302639f5 Add unit tests for credential provider in service account mode
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-03-14 11:21:08 -07:00
Stanislav Láznička
cb7468b077 kubelet imagepuller: PullImage() - accept TrackAuthConfigs directly
The image puller's PullImage() method should be just a dumb pull
without any further logic. Make it accept everything it needs
to pull an image and defer any other magic to the image manager.
2025-03-14 10:47:54 +01:00
Stanislav Láznička
09284d926c credentialprovider: track kube secrets as creds sources in DockerKeyrings 2025-03-14 10:47:53 +01:00
Monis Khan
987bdd9e46 Sync pkg/credentialprovider/OWNERS with k8s.io/client-go/tools/auth/OWNERS
Signed-off-by: Monis Khan <mok@microsoft.com>
2025-03-13 06:53:50 -04:00
Anish Ramasekar
b27735be2e Define type alias for getServiceAccount function
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-03-12 10:08:46 -07:00
Anish Ramasekar
ad8666ce88 Update credential provider plugin to support using service account token
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-03-11 20:36:32 -07:00
Anish Ramasekar
9a331bbf59 credential provider config: validate duplicate names early and preserve provider order
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-01-16 15:26:47 -08:00
Patrick Ohly
8a908e0c0b remove import doc comments
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:

- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.

This commit was generated with
   sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')

Everything was included, except for
   package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
2024-12-02 16:59:34 +01:00
Anish Ramasekar
1882a4a9f0 credential provider config: detect typos
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-10-14 12:23:43 -07:00
Davanum Srinivas
7187d9af81 address comments during review
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-05-01 18:01:25 -04:00
Davanum Srinivas
bf268f02a3 Remove gcp in-tree cloud provider and credential provider
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-05-01 09:03:53 -04:00
Marek Siarkowicz
3ee8178768 Cleanup defer from SetFeatureGateDuringTest function call 2024-04-24 20:25:29 +02:00
Qi Ni
3bf2bf8191 chore: Cleanup in-tree credential provider azure and cloud provider azure 2024-01-20 15:18:31 +08:00
Zhecheng Li
af6e653f17 Use errors.Is() to handle err returned by LookPath()
Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
2024-01-05 05:07:28 +00:00
Kubernetes Prow Robot
2efed1f1cb Merge pull request #120291 from lzhecheng/fix-credentialprovider-win-bin-path
Fix Windows credential provider cannot find binary
2024-01-04 17:58:54 +01:00
Kubernetes Prow Robot
510b49a406 Merge pull request #118431 from testwill/plugin_slice
chore: loop optimization
2023-12-13 21:25:24 +01:00
Kubernetes Prow Robot
925a8dd3d3 Merge pull request #119947 from saschagrunert/keyring-unit
Add unit tests for subdomain match in keyring
2023-10-25 03:32:05 +02:00
Zhecheng Li
61023579c1 Fix Windows credential provider cannot find binary
Windows credential provider binary path may have ".exe" suffix so
it is better to use LookPath() to support it flexibly.

Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
2023-09-12 02:47:39 +00:00
Davanum Srinivas
42e8cfa28a fix failing metadata test
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-09-01 15:22:07 -04:00
Sascha Grunert
3edae95e5a Add unit tests for subdomain match in keyring
This ensures that the amount of subdomains should always match the
glob+dot (`*.`) pattern.

Refers to https://github.com/kubernetes/kubernetes/issues/119941

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2023-08-15 12:47:22 +02:00
guoguangwu
c2049c7961 chore: loop optimization 2023-06-03 13:31:18 +08:00
HirazawaUi
82e3fa0930 fix fd leaks and failed file removing for main pkg and cmd 2023-05-09 09:24:11 -05:00
Kubernetes Prow Robot
3187a3333b Merge pull request #117477 from HirazawaUi/replace-pkg-credentialprovider-ioutil
Replace the deprecated ioutil method in the credentialprovider directory
2023-05-08 07:01:17 -07:00
HirazawaUi
062f146d32 Replace the deprecated ioutil method in the pkg/credentialprovider directory 2023-04-19 23:11:57 +08:00
Carter McKinnon
766f6c3ad4 Include stderr in cred provider plugin errors 2023-04-18 10:35:30 -07:00
Davanum Srinivas
90d185b7e1 Drop AWS kubelet credential provider and cleanup AWS storage e2e tests
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-03-07 09:00:12 -05:00
HirazawaUi
3b18e80fb4 delete unused functions in pkg directory 2023-01-16 21:43:36 +08:00
Kubernetes Prow Robot
870e872ebb Merge pull request #114343 from skitt/autorest-to
Use k8s utils pointer instead of Azure autorest/to
2022-12-10 09:05:55 -08:00
Kubernetes Prow Robot
c5792ad96b Merge pull request #113138 from claudiubelu/unittests-skip-gce
unittests: Skip test if not on GCE
2022-12-09 21:13:41 -08:00
Stephen Kitt
56d8302bc8 Use k8s utils pointer instead of Azure autorest/to
Since k/u includes pointer functions which are equivalent to the
autorest/to pointer functions, and the latter are deprecated, it seems
useful to switch to the former:
* to.FooPtr becomes pointer.Foo
* to.Foo becomes pointer.FooDeref with an appropriate default
* to.StringSlicePtr becomes &

This doesn't remove anything from vendor, but it does turn the
dependency into an indirect one, ready to be removed when the rest of
the Azure migration happens.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
2022-12-07 18:16:16 +01:00
Claudiu Belu
1129f57143 unittests: Skip test if not on GCE
The test in pkg/credentialprovider/gcp/metadata_test.go is meant to
run only on GCE, which means that it will fail in any other case.

We should skip the test if we're not testing in GCE or Windows in GCE.
2022-11-28 13:54:14 +00:00
Han Kang
a09c6f6ca9 fix credential provider metric names
Change-Id: Idccdf419d53b04f1d8a1968f554a0b6ef32ab992
2022-11-08 12:59:53 -08:00
Slavik Panasovets
864e41f16d Fix time.Since() in defer. Wrap in anonymous function
Function arguments in defer are evaluated during definition of defer, not
during execution
2022-10-25 12:38:35 +00:00
Davanum Srinivas
09968e6c03 (aws_credentials): update ecr url validation regex
Updates the regex for ECR URL validation to support isolated regions
and includes additional testcases for these.

Signed-off-by: Jyoti Mahapatra <jyotima@amazon.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-10-16 19:13:47 -04:00
Dixita Narang
977a8ebb3a Renaming usage of v1beta1 to v1, and adding API violation exceptions and
vendor module for v1
2022-09-09 06:11:06 +00:00