Define ClusterTrustBundlePEM projected volume

This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespace-scoped TrustBundle object, which came up during
KEP discussion.

* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the projection must specify a
  name and path.
* Add TODO covering admission control to forbid mirror pods from using
  the projection.

Part of KEP-3257.
Taahir Ahmed
2022-10-21 19:50:01 -07:00
parent 0fd1362782
commit ecfdc8fda5
9 changed files with 523 additions and 114 deletions


@@ -210,6 +210,9 @@ func (s *Plugin) Validate(ctx context.Context, a admission.Attributes, o admissi
if projSource.ServiceAccountToken != nil {
return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not use ServiceAccountToken volume projections"))
}
if projSource.ClusterTrustBundle != nil {
return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not use ClusterTrustBundle volume projections"))
}
}
}
}
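Review bot: the commit message says this change only adds a TODO covering admission control for mirror pods, but the hunk actually implements the enforcement: the new branch `if projSource.ClusterTrustBundle != nil { return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not use ClusterTrustBundle volume projections")) }` sits directly after the existing ServiceAccountToken rejection in the same Validate loop, so the third bullet of the message should be reworded to say the check is implemented here rather than deferred. Nothing in this hunk touches the plugin's test file; a case asserting that a mirror pod carrying a ClusterTrustBundle projected volume source is rejected, mirroring the existing ServiceAccountToken case, should be added in the same commit so the new branch is covered.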