kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Library for writing a Kubernetes-style API server.
3,261 Commits 29 Branches 1,436 Tags 31 MiB
Go 99.8%
Shell 0.2%
Go to file
Abu Kashem fd45dede1a Add impersonated user to system:authenticated group 
Currently if a group is specified for an impersonated user,
'system:authenticated' is not added to the 'Groups' list inside the
request context.
This causes priority and fairness match to fail. The catch-all flow
schema needs the user to be in the 'system:authenticated' or in the
'system:unauthenticated' group. An impersonated user with a specified
group is in neither.

As a general rule, if an impersonated user has passed authorization
checks, we should consider him authenticated.

Kubernetes-commit: 67bf54a07ddc4a7a8a88df9207800e5aa39f7a44
 		2020-08-21 13:15:04 -04:00
.github delete all duplicate empty blanks 2019-02-22 09:43:51 +08:00
Godeps Merge pull request #94149 from liggitt/json-patch-1.17 2020-09-03 13:43:39 +00:00
pkg Add impersonated user to system:authenticated group 2020-08-21 13:15:04 -04:00
plugin/pkg inline GC in expiring cache 2019-11-15 17:04:28 -08:00
.import-restrictions move pkg/auth/user to staging 2017-01-13 13:38:43 -05:00
CONTRIBUTING.md Update deprecated links 2019-02-04 13:28:31 -05:00
LICENSE Add README and LICENSE to staging repos 2017-10-23 16:39:02 +05:30
OWNERS Add jpbetz as reviewer of api-machinery code 2019-09-12 12:30:52 -07:00
README.md delete all duplicate empty blanks 2019-02-22 09:43:51 +08:00
SECURITY_CONTACTS Update SECURITY_CONTACTS with current PSC 2019-05-29 15:22:35 +05:30
code-of-conduct.md Add code-of-conduct.md to staging repos 2017-12-20 15:21:56 -05:00
go.mod Merge pull request #94149 from liggitt/json-patch-1.17 2020-09-03 13:43:39 +00:00
go.sum Merge pull request #94149 from liggitt/json-patch-1.17 2020-09-03 13:43:39 +00:00

README.md

apiserver

Generic library for building a Kubernetes aggregated API server.

Purpose

This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, kubectl compatible discovery information, optional admission chain, and versioned types. It's first consumers are k8s.io/kubernetes, k8s.io/kube-aggregator, and github.com/kubernetes-incubator/service-catalog.

Compatibility

There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.

Where does it come from?

apiserver is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. Code changes are made in that location, merged into k8s.io/kubernetes and later synced here.

Things you should NOT do

  1. Directly modify any files under pkg in this repo. Those are driven from k8s.io/kubernetes/staging/src/k8s.io/apiserver.
  2. Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.