32 Commits

Author SHA1 Message Date
Samuel Davidson
7936d64e03 Replace IsExternalSigner boolean with ExtendedSigningDuration throughout apiserver to ensure consistent token signing length between local and external token signing. 2025-01-29 17:49:22 +00:00
Harshal Neelkamal
6fdacf0411 Add plugin and key-cache for ExternalJWTSigner integration 2024-11-07 03:16:23 +00:00
Jordan Liggitt
0771f601e1 KEP-4193: Promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo, ServiceAccountTokenNodeBindingValidation to stable 2024-10-17 21:25:09 -04:00
Stanislav Láznička
7fabd06c2b requestheaders: add a "requestheader-uid-headers" flag and wire it up 2024-09-05 14:28:31 +02:00
Dr. Stefan Schimanski
dc0bcd62e3 options/authentication: revert extra serviceaccount TokenGetter function silently enabling serviceaccounts
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-07-22 18:21:26 +02:00
Kubernetes Prow Robot
0c8b3e5f30 Merge pull request #125986 from vinayakankugoyal/typo
Fix typo in error message for anonymous field in AuthenticationConfig…
2024-07-09 20:45:05 -07:00
Vinayak Goyal
27e8923c70 Fix typo in error message for anonymous field in AuthenticationConfiguration. 2024-07-09 21:04:28 +00:00
Mangirdas Judeikis
a72266ff9d Add test for WithTokenGetter 2024-07-02 17:26:53 +03:00
Vinayak Goyal
5e6a4937f5 KEP-4633: Allow health-only anonymous auth mode.
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2024-06-28 00:30:05 +00:00
Marek Siarkowicz
3ee8178768 Cleanup defer from SetFeatureGateDuringTest function call 2024-04-24 20:25:29 +02:00
Kubernetes Prow Robot
8f80e01467 Merge pull request #123719 from enj/enj/f/authn_config_beta
Mark StructuredAuthenticationConfiguration feature gate as beta
2024-03-09 17:09:56 -08:00
Monis Khan
b4935d910d Add dynamic reload support for authentication configuration
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-03-09 14:29:33 -05:00
Anish Ramasekar
b502aa6f31 Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-05 09:10:34 -08:00
Monis Khan
bc7aa13bf7 Mark StructuredAuthenticationConfiguration feature gate as beta
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-03-05 11:34:30 -05:00
Kubernetes Prow Robot
8845c4c657 Merge pull request #123135 from munnerz/4193-beta-promotion
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
2024-03-01 19:48:18 -08:00
Kubernetes Prow Robot
f139450e9b Merge pull request #122885 from claudiubelu/unittests-10
unittests: Fixes unit tests for Windows (part 10)
2024-02-28 05:38:40 -08:00
Monis Khan
b5e0068325 Support all key algs with structured authn config
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-02-14 09:40:25 -05:00
James Munnelly
e087acc791 refuse to allow apiserver to startup if ServiceAccountTokenNodeBinding is enabled without ServiceAccountTokenNodeBindingValidation 2024-02-06 14:03:50 +00:00
Claudiu Belu
b8df7e7684 unittests: Fixes unit tests for Windows (part 10)
Currently, there are some unit tests that are failing on
Windows due to various reasons:

- Different "File not found" error messages on Windows.
- Files need to be closed on Windows before removing them.
- The default RootHnsEndpointName (root-hnsendpoint-name) flag value is 'cbr0'
- On Windows, Unix Domain sockets are not checked in the same way in golang, which is why
  hostutils_windows.go checks for it differently. GetFileType will return an error in this
  case. We need to check for it, and see if it's actually a Unix Domain Socket.
2024-01-22 13:43:42 +00:00
Anish Ramasekar
9e1ff1e512 add loading config and wire feature flag
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-08-30 23:14:56 +00:00
Anish Ramasekar
1bad3cbbf5 wiring existing oidc flags with internal API struct
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-08-25 17:15:33 +00:00
Thomas Milox
3ad2ab18fa pkg/kubeapiserver/options: Improving test coverage (#114234)
* pkg/kubeapiserver/options: Improving test coverage

Signed-off-by: TommyStarK <thomasmilox@gmail.com>

* pkg/kubeapiserver/options: Improving test coverage

Add a snippet of the expected error string related to the aspect being tested

Signed-off-by: TommyStarK <thomasmilox@gmail.com>

Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2022-12-14 17:51:35 -08:00
Shihang Zhang
925900317e allow multiple of --service-account-issuer 2021-04-19 09:54:11 -07:00
JunYang
4e72e41387 test: fix the error of TestAuthenticationValidate
Signed-off-by: JunYang <yang.jun22@zte.com.cn>
2021-03-12 23:10:21 +08:00
Monis Khan
df292749c9 Remove support for basic authentication
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
David Eads
6beb96261e wire up a means to dynamically reload ca bundles for kube-apiserver 2019-10-23 11:01:56 -04:00
David Eads
5825634669 add the ability for dynamic header names in delegated authentication 2019-10-11 11:50:37 -04:00
David Eads
51195dd860 add ability to authenticators for dynamic update of certs 2019-10-01 09:50:20 -04:00
walter
2af982abb9 Fixes lint errors in kubeapiserver packages
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
2018-11-04 17:22:41 -08:00
Mike Danese
a13b48de94 default api audiences to service account token issuer if available
This is a sane default that users can choose to migrate away from later.
2018-10-29 16:40:06 -07:00
hangaoshuai
cacf18f859 add unit test for func ToAuthenticationConfig 2018-08-16 19:24:11 +08:00
hangaoshuai
4157f5a1ae add unit test for Authentication Validate 2018-08-16 18:13:58 +08:00