scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
84,544 Commits 1 Branch 0 Tags
d410bd28c371fbb8c9b07feb8c4bc1fef018173f
Commit Graph

58 Commits

Author SHA1 Message Date
James Sturtevant
a8c78d1359 Windows: Sets the effective SecurityContext's RunAsUserName 
Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>
 2019-07-17 15:03:11 +00:00
Jean Rouge
b39d8f4777 Kubelet & implementation changes for Windows GMSA support 
This patch comprises the kubelet changes outlined in the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

Updated tests.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-05-16 22:07:03 -04:00
Thomas Gamble
344dd90881 Fix golint failures in pkg/securitycontext 2019-04-20 20:38:40 -04:00
WanLinghao
e9edbf1d52 Clean unused code in pkg/securitycontext/util.go 2019-02-11 10:30:47 +08:00
Serguei Bezverkhi
1778d64a59 ProcMount validation and testing 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-20 14:43:52 -05:00
Mayank Kumar
bc3e3afc46 api changes for psp runasgroup policy 2018-10-09 17:32:09 -07:00
Jess Frazelle
30dcca6233 ProcMount: add api options and feature gate 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2018-08-30 11:40:02 -04:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Mayank Kumar
eecef462c8 remove unused code in securitycontext 2018-03-29 23:32:48 -07:00
Mayank Kumar
b888415ebf API Changes for RunAsGroup and Implementation and e2e 2018-02-28 22:09:56 -08:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Slava Semushin
3a461afaf5 pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests. 
- remove irrelevant test cases
- add test case for AllowPrivilegeEscalation: nil
- explicitly specify input and expected outcome
 2018-01-08 15:46:39 +01:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Slava Semushin
4e74211aaf pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function. 2017-11-15 17:50:03 +01:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jordan Liggitt
b6a750c1f6 SecurityContext: Add accessors/mutators for effective container security context 2017-10-16 02:22:10 -04:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jess Frazelle
0ad51ed763 AllowPrivilegeEscalation: add validations for caps and privileged 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2017-09-25 13:22:02 -04:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jess Frazelle
0f349cc61f allowPrivilegeEscalation: modify api types & add functionality 
Signed-off-by: Jess Frazelle <acidburn@google.com>
 2017-07-24 12:52:41 -04:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
mbohlool
70c4fe7f4f update generated files 2017-06-21 04:09:08 -07:00
mbohlool
c91a12d205 Remove all references to types.UnixUserID and types.UnixGroupID 2017-06-21 04:09:07 -07:00
Jamie Hannaford
9440a68744 Use dedicated Unix User and Group ID types 2017-05-05 14:07:38 +02:00
Yu-Ju Hong
4506f4c2d0 securitycontext: move docker-specific logic into kubelet/dockertools 
This change moves the code specific to docker to kubelet/dockertools,
while leaving the common utility functions at its current package
(pkg/securitycontext).

When we deprecate dockertools in the future, the code will be moved to
pkg/kubelet/dockershim instead.
 2017-01-27 12:25:46 -08:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Chao Xu
bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu
4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Pengfei Ni
3aee57d4ae Add security context support in dockershim 2016-11-07 11:07:56 +08:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
Matthew Wong
cbdd121d2d Remove pod mutation for PVs with supplemental GIDs 2016-07-22 17:41:44 -04:00
Davanum Srinivas
2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
Daniel Smith
360f2eb927 Revert "Remove pod mutation for PVs with supplemental GIDs" 2016-07-14 17:47:46 -07:00
Matthew Wong
58f973d8e7 Remove pod mutation for PVs with supplemental GIDs 2016-07-13 13:51:17 -04:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Alex Robinson
d2a45f0ba5 Merge pull request #24909 from pmorie/security-context-loc 
Reduce LOC in security context tests
 2016-05-27 10:27:55 -07:00
Paul Weil
04dc71f959 retain read only root file system in determineEffectiveSecurityContext 2016-05-11 17:27:20 -04:00
Paul Morie
6f940a1a78 Reduce LOC in security context tests 2016-04-28 20:39:28 -04:00
Random-Liu
ba4a5ed39e Refactor CreateContainer. 2016-04-14 17:05:46 -07:00
Eric Tune
4d090bfb09 Rename PodSecurityPolicy fields 
In podSecurityPolicy:
1. Rename .seLinuxContext to .seLinux
2. Rename .seLinux.type to .seLinux.rule
3. Rename .runAsUser.type to .runAsUser.rule
4. Rename .seLinux.SELinuxOptions

1,2,3 as suggested by thockin in #22159.
I added 3 for consistency with 2.
 2016-03-03 11:49:48 -08:00
Lantao Liu
4a386f881f Deprecate HostConfig at container start 2016-02-04 01:00:03 +00:00
Yifan Gu
cc656ae6ac rkt: Refactor setIsolators. 
Replace manually creating isolators with isolator constructors.
Also add support for supplementary group IDs.
 2016-01-08 13:31:21 -08:00
Paul Morie
3cd12f5e05 FSGroup implementation 2015-10-22 16:40:59 -04:00
Paul Morie
393e2bc019 Inline some SecurityContext fields into PodSecurityContext 2015-10-21 19:01:17 -04:00
Sami Wagiaalla
030f882f06 Add Support for supplemental groups 2015-10-20 12:44:32 -04:00