kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,731 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Peter Rifel 7d9f0a06cf
Update API slice fields to not use pointers 
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
 2020-08-24 07:46:38 -05:00
Justin SB 1e559618f5 Ensure we have IAM bucket permissions to other S3 buckets 
If we are expected to write to other buckets, we need to have suitable
permissions to e.g. determine their location.
 2020-06-04 22:37:17 -04:00
Kashif Saadat bf30b2559f Update AWS IAM Policy tests following Statement ID removal 2018-04-10 15:33:51 +01:00
Kashif Saadat 5bfb22ac92 Make the IAM ECR Permissions optional, can be specified within the Cluster Spec. 2017-10-24 09:20:17 +01:00
chrislovecnm 2e6b7eedb9 Revision to IAM Policies created by Kops, and wrapped in Cluster Spec 
IAM Legacy flag.
 2017-09-15 08:05:23 +01:00
Justin Santa Barbara 7b5510028a Add CreateSecurityGroup permission 
Also document the available filtering for the methods we use.
 2017-09-10 19:14:41 -04:00
Kubernetes Submit Queue fdce8b4b7b Merge pull request #3186 from KashifSaadat/limit-master-ec2-policy 
Automatic merge from submit-queue

Limit the IAM EC2 policy for the master nodes

Related to: https://github.com/kubernetes/kops/pull/3158

The EC2 policy for the master nodes are quite open currently, allowing them to create/delete/modify resources that are not associated with the cluster the node originates from. I've come up with a potential solution using condition keys to validate that the `ec2:ResourceTag/KubernetesCluster` matches the cluster name.
 2017-08-28 02:00:46 -07:00
Kashif Saadat d6e5a62678 Limit the IAM EC2 policy for the master nodes, wrapped in 'Spec.IAM.LegacyIAM' API flag. 2017-08-26 11:46:09 +01:00
Rohith 0dc4e5e4dc Kops Secrets on Nodes 
The current implementation permits nodes access to /secrets/* thought the nodes themselve do [not](https://github.com/gambol99/kops/blob/secrets/nodeup/pkg/model/secrets.go#L77-L79) require access. This PR changed the ACL on the iam policy to deny access for nodes to /secrets/*
 2017-08-25 19:47:37 +01:00
Kashif Saadat 0e5c393f10 Rename IAM switch to legacy, default to false for new cluster creations. 2017-08-22 13:27:55 +01:00
Kashif Saadat 0aac9b7f8d Allow the strict IAM policies to be optional, default to original behaviour (not-strict) 2017-08-22 13:27:54 +01:00
Kashif Saadat fd0ce236dc Remove node requirement to access private ca and master keys in S3 2017-08-11 16:12:32 +01:00
Kashif Saadat cd149414df Tighten down S3 IAM policy statements 2017-08-11 11:51:46 +01:00
Justin Santa Barbara dc9a343434 Support string-or-slice in IAM policies 
Fix #1920
 2017-02-16 22:24:28 -05:00