github-personal/kubernetes
1
0
Fork 0
mirror of https://github.com/outbackdingo/kubernetes.git synced 2026-01-27 18:19:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
131,921 Commits 1 Branch 0 Tags
master
Commit Graph

43 Commits

Author SHA1 Message Date
Anish Ramasekar
b9dd2fdec0 credentialprovider: track service account cred source in ext provider keyring 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-07-18 16:38:23 -05:00
Anish Ramasekar
d6e85b504d Add kubelet_credential_provider_config_info metric 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-07-17 20:30:06 -05:00
Kubernetes Prow Robot
394f412767 Merge pull request #132617 from aramase/aramase/f/kep_4412_pod_cache_key_type 
Add ServiceAccountTokenCacheType support to credential provider plugin
 2025-07-15 10:56:45 -07:00
xiaoweim
740e568468 address review comments 2025-07-14 18:13:00 +00:00
xiaoweim
61542e7a98 Cleanup: Remove field name from invalid field detail message 2025-07-14 18:13:00 +00:00
Anish Ramasekar
7e37711d6e kubelet: Add service account UID to token cache key for proper invalidation 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-07-10 23:20:27 -05:00
Anish Ramasekar
4d2566eb5a credentialprovider: wire in service account mode cache type 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-07-10 14:50:54 -05:00
Anish Ramasekar
03db2278d5 kubelet: Add CacheType field to ServiceAccountTokenAttributes with validation 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-07-10 14:50:51 -05:00
Kubernetes Prow Robot
2a4b5f6476 Merge pull request #132314 from thockin/jp_nicer_api_errors 
Nicer value rendering in API errors
 2025-07-03 01:33:33 -07:00
xiaoweim
8632257c93 Cleanup: Remove redundant detail messages in field.Required 2025-06-26 21:24:43 +00:00
Tim Hockin
4ca91a0305 WIP: Fix tests 
Notes:
* For types that define String() - should we prefer that or JSON?
* metav1.Time has a MarshalJSON() and inhereits a String() and they are
  different
* Since validation runs on internal types, we still get some GoNames
  instead of goNames.
 2025-06-19 10:11:17 +09:00
Davanum Srinivas
be6807e6a5 Allow specifying a directory for image credential providers json/yaml configuration 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2025-05-29 09:42:26 -04:00
Kubernetes Prow Robot
fcb2418f7b Merge pull request #128152 from stlaz/ensure-secret-images 
Multi-tenancy in accessing node images via Pod API
 2025-03-17 07:09:49 -07:00
Anish Ramasekar
95d411382f Fix comment for GetServiceAccountFunc type 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-03-14 11:21:58 -07:00
Anish Ramasekar
01302639f5 Add unit tests for credential provider in service account mode 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-03-14 11:21:08 -07:00
Stanislav Láznička
cb7468b077 kubelet imagepuller: PullImage() - accept TrackAuthConfigs directly 
The image puller's PullImage() method should be just a dumb pull
without any further logic. Make it accept everything it needs
to pull an image and defer any other magic to the image manager.
 2025-03-14 10:47:54 +01:00
Anish Ramasekar
b27735be2e Define type alias for getServiceAccount function 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-03-12 10:08:46 -07:00
Anish Ramasekar
ad8666ce88 Update credential provider plugin to support using service account token 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-03-11 20:36:32 -07:00
Anish Ramasekar
9a331bbf59 credential provider config: validate duplicate names early and preserve provider order 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-01-16 15:26:47 -08:00
Anish Ramasekar
1882a4a9f0 credential provider config: detect typos 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-10-14 12:23:43 -07:00
Zhecheng Li
af6e653f17 Use errors.Is() to handle err returned by LookPath() 
Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
 2024-01-05 05:07:28 +00:00
Kubernetes Prow Robot
2efed1f1cb Merge pull request #120291 from lzhecheng/fix-credentialprovider-win-bin-path 
Fix Windows credential provider cannot find binary
 2024-01-04 17:58:54 +01:00
Zhecheng Li
61023579c1 Fix Windows credential provider cannot find binary 
Windows credential provider binary path may have ".exe" suffix so
it is better to use LookPath() to support it flexibly.

Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
 2023-09-12 02:47:39 +00:00
guoguangwu
c2049c7961 chore: loop optimization 2023-06-03 13:31:18 +08:00
HirazawaUi
82e3fa0930 fix fd leaks and failed file removing for main pkg and cmd 2023-05-09 09:24:11 -05:00
Kubernetes Prow Robot
3187a3333b Merge pull request #117477 from HirazawaUi/replace-pkg-credentialprovider-ioutil 
Replace the deprecated ioutil method in the credentialprovider directory
 2023-05-08 07:01:17 -07:00
HirazawaUi
062f146d32 Replace the deprecated ioutil method in the pkg/credentialprovider directory 2023-04-19 23:11:57 +08:00
Carter McKinnon
766f6c3ad4 Include stderr in cred provider plugin errors 2023-04-18 10:35:30 -07:00
Han Kang
a09c6f6ca9 fix credential provider metric names 
Change-Id: Idccdf419d53b04f1d8a1968f554a0b6ef32ab992
 2022-11-08 12:59:53 -08:00
Slavik Panasovets
864e41f16d Fix time.Since() in defer. Wrap in anonymous function 
Function arguments in defer evaluated during definition of defer, not
during execution
 2022-10-25 12:38:35 +00:00
Dixita Narang
977a8ebb3a Renaming usage of v1beta1 to v1, and adding API violation exceptions and 
vendor module for v1
 2022-09-09 06:11:06 +00:00
Davanum Srinivas
a9593d634c Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-07-26 13:14:05 -04:00
Aditi Sharma
ed16ef2206 Move feature flag credential provider to beta 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2022-03-24 22:43:38 +05:30
ialidzhikov
f3fcfef5a7 Replace errors.New(fmt.Sprintf(...)) with fmt.Errorf(...) 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2022-02-20 11:23:48 +02:00
Kubernetes Prow Robot
5130d43200 Merge pull request #102802 from adisky/metrics-credential-provider-1 
Add Metrics for Kubelet credential provider
 2021-09-27 11:02:22 -07:00
wojtekt
d9b08c611d Migrate to k8s.io/utils/clock 2021-09-17 15:19:08 +02:00
Aditi Sharma
7c5d6c0844 Add metric for credential provider 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-09-17 11:03:36 +00:00
Neeraj Shah
75f0007d2b Overlaid OS's environment variables with the ones specified in the CredentialProviderConfig 
- Removed dependency with cmd.Run's stub
- Added test cases

Signed-off-by: Neeraj Shah <neerajx86@gmail.com>
 2021-07-23 09:45:19 +05:30
Aditi Sharma
def93317b4 Kubelet Credential Provider 
Improve concurrency and cache for credential provider

Removed lock from "Provide" as it can be called in parallel
from image puller. To avoid execing for the same image concurrently
wrapped exec in singleflight.

Purging the cache for expried data with 15mins interval only when
a request for credential is made.

KEP:2133

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-06-28 21:15:03 +05:30
wangyx1992
34c2b2360b fix errors in wrapped format 
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
 2021-03-26 14:57:55 +08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Gurleen Grewal
7a0b5acf00 Fix golint issues in pkg/credentialprovider/plugin 2020-12-08 15:11:44 -08:00
Andrew Sy Kim
5344afd4fb pkg/credentialprovider: add initial exec-based credential provider plugin 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-11-10 13:44:07 -05:00