Commit Graph

23 Commits

Author SHA1 Message Date
Ciprian Hacman 57c3a10383 chore: Replace gopkg.in/square/go-jose.v2 with github.com/go-jose/go-jose/v4 2024-05-10 08:12:34 +03:00
Matt Morrison 811f7d0420 Push issuer documents to GCS 2023-10-24 07:57:21 +13:00
Ciprian Hacman 17d313e89f Allow custom service account issuer without public bucket 2023-08-31 16:37:33 +03:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
John Gardiner Myers 1b590f5111 Simplify 2022-12-17 10:16:22 -08:00
justinsb f4984dafab Support public buckets for serviceAccountIssuers on S3
S3 is also nudging towards bucket level permissions, so don't set an ACL when bucket is public.
2022-12-17 09:57:45 -08:00
Ciprian Hacman 41ada58944 Rename field from `ManagedFile.Public` to `ManagedFile.PublicACL` 2022-12-12 13:21:55 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
Steven E. Harris 17e9c6eca2 OIDC: Tolerate extra service-account key set items
When reading the kOps "service-account" key set in preparation for
publishing the OIDC JWKS file (such as to S3 alongside the discovery
document), in some cases the set contains items that either lack an
X.509 certificate or contain such a certificate issued for a subject
with common name other than "service-account." Ignore these extra key
set items and instead only project JWKS keys for those with an X.509
certificate with the expected subject common name.
2022-08-24 10:07:20 -04:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
Kubernetes Prow Robot 19ffc06d3d Merge pull request #11853 from johngmyers/override-issuer
Allow overriding the ServiceAccountIssuer for IRSA
2021-07-01 04:43:54 -07:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
John Gardiner Myers 3127dacc0c Expose all service-account keys through OIDC 2021-06-05 16:38:25 -07:00
Kubernetes Prow Robot 874d476cc4 Merge pull request #11673 from johngmyers/simplify-lifecycle
Make Lifecycle field non-pointer
2021-06-03 18:41:26 -07:00
Ole Markus With c7dc807fb4 Update pkg/model/issuerdiscovery.go
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-06-03 15:49:06 +02:00
Ole Markus With 736b9d6856 Drop trailing slash from oidc issuer 2021-06-03 15:07:55 +02:00
John Gardiner Myers 7c9e7e9286 Make Lifecycle field non-pointer 2021-06-02 23:02:16 -07:00
AkiraFukushima d52ec60c02 Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
John Gardiner Myers 8bac63f951 Don't publish OIDC discovery if DiscoveryStore not set 2021-05-06 13:35:57 -07:00
Ole Markus With 6f8b3647cf Add support for IRSA in the api
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-05-01 16:03:42 +02:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00
Ole Markus With 0f545f8659 Split oidc_provider
* one builder concerned with publishing issuer discovery metadata
* one builder concerned with creating aws oidc provider
2021-04-30 18:05:20 +02:00