Kubernetes Prow Robot
7adcad3138
Merge pull request #128169 from liggitt/4193-ga
KEP-4193: Promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo, ServiceAccountTokenNodeBindingValidation to stable
2024-10-18 17:39:11 +01:00
Jordan Liggitt
0771f601e1
KEP-4193: Promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo, ServiceAccountTokenNodeBindingValidation to stable
2024-10-17 21:25:09 -04:00
Dr. Stefan Schimanski
c44fc28087
apiserver/validation: fix some sets.NewString deprecations
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-10-17 22:56:20 +02:00
Dr. Stefan Schimanski
4024390d8c
apiserver/authconfig: wire CEL compiler through lower layers to allow sharing
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-10-17 22:56:20 +02:00
Kubernetes Prow Robot
1b71b94b73
Merge pull request #127711 from elmiko/correct-provider-deprecation-logic
Correct cloud provider detection logic to be more representative of deprecation and disablement status
2024-09-30 20:37:24 +01:00
elmiko
38fe239ac4
factor out cloudprovider.DeprecationWarningForProvider
this change removes the deprecation warning function in favor of using
the `cloudprovider.DisableWarningForProvider`. it also fixes some of the
logic to ensure that non-external providers are properly detected and
warned about.
2024-09-30 12:20:25 -04:00
Matthieu MOREL
f736cca0e5
fix: enable expected-actual rule from testifylint in module k8s.io/kubernetes
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2024-09-27 07:56:31 +02:00
elmiko
d1d05d3eba
remove IsDeprecatedInternal from cloudprovider.plugins
The internal cloud controller loops are disabled at this point, this
function should not be used as it does not return accurate information.
In its place we check for the presence of the external cloud provider as
that is the only acceptable value.
2024-09-26 14:55:25 -04:00
Kubernetes Prow Robot
e456fbfaa6
Merge pull request #127545 from mjudeikis/mjudeikis/sa.flow.fix
Fix npe in serviceAccount flow
2024-09-23 08:00:06 +01:00
Mangirdas Judeikis
4783af9a49
fix npe when running in limited config in generic-control-plane mode
2024-09-22 19:06:45 +03:00
Mangirdas Judeikis
cf6d113f24
fix npe in serviceAccount flow
2024-09-22 16:04:48 +03:00
Kubernetes Prow Robot
f2700895a4
Merge pull request #127422 from srivastav-abhishek/go-vet-fix
Go vet fixes for gotip
2024-09-20 14:37:58 +01:00
Abhishek Kr Srivastav
95860cff1c
Fix Go vet errors for master golang
Co-authored-by: Rajalakshmi-Girish <rajalakshmi.girish1@ibm.com>
Co-authored-by: Abhishek Kr Srivastav <Abhishek.kr.srivastav@ibm.com>
2024-09-20 12:36:38 +05:30
Mangirdas Judeikis
4e4eb8c5c9
wire in ctx to rbac plugins
2024-09-17 20:04:02 +03:00
Stanislav Láznička
7fabd06c2b
requestheaders: add a "requestheader-uid-headers" flag and wire it up
2024-09-05 14:28:31 +02:00
Kubernetes Prow Robot
5891e72703
Merge pull request #126411 from hoskeri/fix-authnz-configfile-usage-formatting
Fix formatting of the authnz config usage.
2024-08-13 21:03:52 -07:00
Kubernetes Prow Robot
bbd1dd8c6f
Merge pull request #126342 from aramase/aramase/c/auth_rm_unused_function
cleanup unused fn IsValidServiceAccountKeyFile in authenticator config
2024-08-13 21:03:38 -07:00
Abhijit Hoskeri
c383823228
Fix formatting of the authnz config usage.
- Reword to be less verbose, more in line with the
writing style in other flags.
- Add spaces after the end of sentences.
2024-07-27 14:26:46 -07:00
Anish Ramasekar
71d7e29954
cleanup unused fn IsValidServiceAccountKeyFile in authenticator config
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-07-24 14:35:21 -07:00
Jefftree
e3e56eb1e2
CLE storage and type registration changes
2024-07-24 14:38:11 +00:00
Kubernetes Prow Robot
c2fdeca4ab
Merge pull request #126145 from carlory/kep-3751-api
[KEP-3751] Promote VolumeAttributesClass to beta
2024-07-23 13:31:05 -07:00
Kubernetes Prow Robot
e83fca8dd9
Merge pull request #124530 from sttts/sttts-controlplane-plumbing-split
Step 12 - Add generic controlplane example
2024-07-23 12:21:02 -07:00
carlory
0260c7d023
Promote VolumeAttributesClass to beta
2024-07-23 13:58:14 +08:00
Dr. Stefan Schimanski
b6aebb0e4b
options/authentication: fix serviceaccount TokenGetter with ServiceAccountTokenNodeBindingValidation
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-07-22 18:21:26 +02:00
Dr. Stefan Schimanski
dc0bcd62e3
options/authentication: revert extra serviceaccount TokenGetter function silently enabling serviceaccounts
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-07-22 18:21:26 +02:00
Patrick Ohly
b51d68bb87
DRA: bump API v1alpha2 -> v1alpha3
This is in preparation for revamping the resource.k8s.io completely. Because
there will be no support for transitioning from v1alpha2 to v1alpha3, the
roundtrip test data for that API in 1.29 and 1.30 gets removed.
Repeating the version in the import name of the API packages is not really
required. It was done for a while to support simpler grepping for usage of
alpha APIs, but there are better ways for that now. So during this transition,
"resourceapi" gets used instead of "resourcev1alpha3" and the version gets
dropped from informer and lister imports. The advantage is that the next bump
to v1beta1 will affect fewer source code lines.
Only source code where the version really matters (like API registration)
retains the versioned import.
2024-07-21 17:28:13 +02:00
Kubernetes Prow Robot
0c8b3e5f30
Merge pull request #125986 from vinayakankugoyal/typo
Fix typo in error message for anonymous field in AuthenticationConfig…
2024-07-09 20:45:05 -07:00
Vinayak Goyal
27e8923c70
Fix typo in error message for anonymous field in AuthenticationConfiguration.
2024-07-09 21:04:28 +00:00
Kubernetes Prow Robot
51bf5df54a
Merge pull request #125836 from mjudeikis/mjudeikis/auth.token.getter
Extend service accounts with optional tokenGetter provider
2024-07-09 00:30:34 -07:00
Mangirdas Judeikis
a72266ff9d
Add test for WithTokenGetter
2024-07-02 17:26:53 +03:00
Mangirdas Judeikis
a15b22cd98
wire in optional tokenGetter provider
2024-07-01 18:09:46 +03:00
Antonio Ojea
29f33bc21d
enable networking v1beta1 features on apiserver storage
2024-06-28 13:16:33 +00:00
Kubernetes Prow Robot
522e2e5066
Merge pull request #124917 from vinayakankugoyal/kep4633
KEP-4633: Only allow anonymous auth for configured endpoints.
2024-06-27 20:39:51 -07:00
Vinayak Goyal
5e6a4937f5
KEP-4633: Allow health-only anonymous auth mode.
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2024-06-28 00:30:05 +00:00
Kubernetes Prow Robot
ef1d28aa52
Merge pull request #125177 from liggitt/dynamic-public-key
Move public key serviceaccount getter to interface, filter by key id
2024-06-27 11:57:06 -07:00
Siyuan Zhang
403301bfdf
apiserver: Add API emulation versioning.
Co-authored-by: Siyuan Zhang <sizhang@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Alex Zielenski <zielenski@google.com>
Signed-off-by: Siyuan Zhang <sizhang@google.com>
2024-06-25 22:12:11 +00:00
Jordan Liggitt
3e037070bb
Move public key getter to interface
2024-06-25 18:10:08 -04:00
Jordan Liggitt
c50f68d6ee
Fix structured authorization webhook timeout wiring
2024-06-19 15:36:36 -04:00
Alexander Zielenski
cd41a7d8e1
store validatingadmissionpolicy and bindings at v1
2024-05-29 13:14:51 -07:00
John McGrath
e72788d58e
Revert "DisableServiceLinks admission controller"
2024-05-20 12:20:46 -05:00
Mangirdas Judeikis
b14936f679
move to generics for sets in kubeapiserver
2024-05-12 11:49:42 +03:00
Jan Safranek
e7a6ed2e3d
Remove PersistentVolumeLabel admission plugin
Remove useless admission plugin.
* It has been deprecated for years.
* All in-tree cloud providers were removed, so the admission plugin does not have
any way to get PV labels.
* There is a replacement in https://github.com/kubernetes-sigs/cloud-pv-admission-labeler
2024-05-09 11:10:14 +02:00
Dr. Stefan Schimanski
acbb89d9b9
kube-apiserver: split admission initializers into generic and non-generic
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2024-04-29 23:28:42 +02:00
Marek Siarkowicz
3ee8178768
Cleanup defer from SetFeatureGateDuringTest function call
2024-04-24 20:25:29 +02:00
Kubernetes Prow Robot
6faeecc87d
Merge pull request #122631 from jmcgrath207/disable-service-links
DisableServiceLinks admission controller
2024-04-18 00:00:28 -07:00
Kubernetes Prow Robot
8f80e01467
Merge pull request #123719 from enj/enj/f/authn_config_beta
Mark StructuredAuthenticationConfiguration feature gate as beta
2024-03-09 17:09:56 -08:00
Anish Ramasekar
62ac88b9ea
Add metrics for authentication config reload
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-09 14:40:22 -08:00
Monis Khan
b4935d910d
Add dynamic reload support for authentication configuration
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-03-09 14:29:33 -05:00
Nilekh Chaudhari
91a7708cdc
feat: implements Storage Version Migration API in-tree
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2024-03-08 04:18:56 +00:00
Patrick Ohly
0b6a0d686a
dra api: rename NodeResourceSlice -> ResourceSlice
While currently those objects only get published by the kubelet for node-local
resources, this could change once we also support network-attached
resources. Dropping the "Node" prefix enables such a future extension.
The NodeName in ResourceSlice and StructuredResourceHandle then becomes
optional. The kubelet still needs to provide one and it must match its own node
name, otherwise it doesn't have permission to access ResourceSlice objects.
2024-03-07 22:22:55 +01:00