scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-11 17:16:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c811521331ee09d9fce7b866d5c8c79f45ba4125
kubernetes/api/openapi-spec
History
Shingo Omura 552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
2024-05-29 15:40:29 -07:00
..
v3
KEP-3619: Fine-grained SupplementalGroups control (#117842)
2024-05-29 15:40:29 -07:00
README.md
Fix grammar in K8s OpenAPI spec doc
2022-06-14 21:29:23 -04:00
swagger.json
KEP-3619: Fine-grained SupplementalGroups control (#117842)
2024-05-29 15:40:29 -07:00

README.md

Kubernetes's OpenAPI Specification

This folder contains an OpenAPI specification for Kubernetes API.

Vendor Extensions

Kubernetes extends OpenAPI using these extensions. Note the version that extensions have been added.

x-kubernetes-group-version-kind

Operations and Definitions may have x-kubernetes-group-version-kind if they are associated with a kubernetes resource.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
        ...
            "x-kubernetes-group-version-kind": {
            "group": "",
            "version": "v1",
            "kind": "Pod"
            }
        }
    }
}

x-kubernetes-action

Operations and Definitions may have x-kubernetes-action if they are associated with a kubernetes resource. Action can be one of get, list, put, patch, post, delete, deletecollection, watch, watchlist, proxy, or connect.

For example:

"paths": {
    ...
    "/api/v1/namespaces/{namespace}/pods/{name}": {
        ...
        "get": {
        ...
            "x-kubernetes-action": "list"
        }
    }
}

x-kubernetes-patch-strategy and x-kubernetes-patch-merge-key

Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see strategic-merge-patch.