kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,094 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

11 Commits

Author SHA1 Message Date
Ole Markus With 2fa53989c4 Configure dualstack endpoint for s3 
Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK
 2021-11-20 08:00:00 +01:00
Peter Rifel 0d13da839a
Use MasterInternalName for gossip cluster SA issuer 
This reverts a change introduced earlier in 1.22 that resulted in existing service account tokens becoming invalid after a kops upgrade.
 2021-09-10 14:40:07 -04:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
John Gardiner Myers 8823f30ad7 Recognize the ServiceAccountIssuerDiscovery featue gate 2021-05-06 08:57:37 -07:00
John Gardiner Myers d21cb0f306 Use consistent ServiceAccountJWKSURI default for PublicJWKS 2021-05-06 00:15:15 -07:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
John Gardiner Myers 4f5def8610 Address review comment 2020-12-03 23:24:43 -08:00
John Gardiner Myers 9607b9955c Set --service-account-issuer for k8s 1.20+ 2020-11-20 22:20:39 -08:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00