kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Library for writing a Kubernetes-style API server.
1,914 Commits 30 Branches 1,482 Tags 31 MiB
Go 99.8%
Shell 0.2%
Go to file
Kubernetes Publisher b080aefffc Merge pull request #64283 from jessfraz/ProcMountType 
Automatic merge from submit-queue (batch tested with PRs 64283, 67910, 67803, 68100). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.

Add a ProcMount option to the SecurityContext & AllowedProcMountTypes to PodSecurityPolicy

So there is a bit of a chicken and egg problem here in that the CRI runtimes will need to implement this for there to be any sort of e2e testing.

**What this PR does / why we need it**: This PR implements design proposal https://github.com/kubernetes/community/pull/1934. This adds a ProcMount option to the SecurityContext and AllowedProcMountTypes to PodSecurityPolicy

Relies on https://github.com/google/cadvisor/pull/1967

**Release note**:

```release-note
ProcMount added to SecurityContext and AllowedProcMounts added to PodSecurityPolicy to allow paths in the container's /proc to not be masked.
```

cc @Random-Liu @mrunalp

Kubernetes-commit: 39004e852bb523d0497343705ee2bf42b4e9c3e3
 		2018-09-01 04:06:40 +00:00
.github Treat staging repos as authoritative for all files 2017-12-22 17:09:51 -05:00
Godeps Merge pull request #64283 from jessfraz/ProcMountType 2018-09-01 04:06:40 +00:00
pkg Fix grammar in secure-port flag help 2018-08-30 18:50:26 -04:00
plugin/pkg use Audit v1 api and add it to some unit tests 2018-07-27 14:06:29 +08:00
vendor Merge pull request #64283 from jessfraz/ProcMountType 2018-09-01 04:06:40 +00:00
.import-restrictions move pkg/auth/user to staging 2017-01-13 13:38:43 -05:00
CONTRIBUTING.md Add k8s.io/apiserver/CONTRIBUTING.md 2018-04-18 14:09:10 +02:00
LICENSE Add README and LICENSE to staging repos 2017-10-23 16:39:02 +05:30
OWNERS Add sig/api-machinery label to apimachinery OWNERS files 2018-08-20 18:46:47 +05:30
README.md apiserver/README: update to 2018 for compatibility 2018-07-11 10:36:01 +05:30
SECURITY_CONTACTS add PST to main SECURITY_CONTACTS as formality 2018-05-24 09:33:43 -04:00
code-of-conduct.md Add code-of-conduct.md to staging repos 2017-12-20 15:21:56 -05:00

README.md

apiserver

Generic library for building a Kubernetes aggregated API server.

Purpose

This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, kubectl compatible discovery information, optional admission chain, and versioned types. It's first consumers are k8s.io/kubernetes, k8s.io/kube-aggregator, and github.com/kubernetes-incubator/service-catalog.

Compatibility

There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.

Where does it come from?

apiserver is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. Code changes are made in that location, merged into k8s.io/kubernetes and later synced here.

Things you should NOT do

  1. Directly modify any files under pkg in this repo. Those are driven from k8s.io/kubernetes/staging/src/k8s.io/apiserver.
  2. Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.