- Sort Score
- Result 10 results
- Languages All
Results 191 - 200 of 583 for authorizer (0.19 sec)
-
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/apiserver.go
c.GenericConfig.AdmissionControl, establishingController, c.ExtraConfig.ServiceResolver, c.ExtraConfig.AuthResolverWrapper, c.ExtraConfig.MasterCount, s.GenericAPIServer.Authorizer, c.GenericConfig.RequestTimeout, time.Duration(c.GenericConfig.MinRequestTimeout)*time.Second, apiGroupInfo.StaticOpenAPISpec, c.GenericConfig.MaxRequestBodyBytes, ) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Oct 19 14:31:43 UTC 2023 - 11.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
allErrs := field.ErrorList{} if len(c.Authorizers) == 0 { allErrs = append(allErrs, field.Required(fldPath.Child("authorizers"), "at least one authorization mode must be defined")) } seenAuthorizerTypes := sets.NewString() seenAuthorizerNames := sets.NewString() for i, a := range c.Authorizers { fldPath := fldPath.Child("authorizers").Index(i) aType := string(a.Type) if aType == "" {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 31.3K bytes - Viewed (0) -
cmd/kubeadm/app/cmd/phases/join/kubelet.go
// runKubeletStartJoinPhase executes the kubelet TLS bootstrap process. // This process is executed by the kubelet and completes with the node joining the cluster // with a dedicates set of credentials as required by the node authorizer func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) { cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c) if err != nil { return err } data, ok := c.(JoinData)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jun 01 07:10:31 UTC 2024 - 10.3K bytes - Viewed (0) -
security/pkg/server/ca/server_test.go
callerClusterID cluster.ID trustedNodeAccounts sets.Set[types.NamespacedName] isMultiCluster bool remoteClusterPods []pod code codes.Code }{ { name: "No node authorizer", authenticators: []security.Authenticator{&mockAuthenticator{ identities: []string{"test-identity"}, kubernetesInfo: ztunnelCaller, }}, ca: &mockca.FakeCA{ SignedCert: []byte("cert"),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 28 16:41:38 UTC 2024 - 15.8K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("persistentvolumeclaims", "persistentvolumes").RuleOrDie(), // TODO: add to the Node authorizer and restrict to endpoints referenced by pods or PVs bound to the node // Needed for glusterfs volumes rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("endpoints").RuleOrDie(),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 19:25:10 UTC 2024 - 34.4K bytes - Viewed (0) -
pkg/kubelet/apis/config/types.go
// Authorization in the Kubelet. type KubeletWebhookAuthorization struct { // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer. CacheAuthorizedTTL metav1.Duration // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer. CacheUnauthorizedTTL metav1.Duration } // KubeletAuthentication holds the Kubetlet Authentication setttings.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Mar 05 21:10:42 UTC 2024 - 35.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/genericapiserver_graceful_termination_test.go
"testing" "time" utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apimachinery/pkg/util/wait" auditinternal "k8s.io/apiserver/pkg/apis/audit" "k8s.io/apiserver/pkg/audit" "k8s.io/apiserver/pkg/authorization/authorizer" apirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/server/dynamiccertificates" "k8s.io/klog/v2" "k8s.io/klog/v2/ktesting" "github.com/google/go-cmp/cmp" "golang.org/x/net/http2" )
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Apr 29 18:59:21 UTC 2024 - 38.3K bytes - Viewed (0) -
plugin/pkg/admission/serviceaccount/admission.go
s.serviceAccountLister = serviceAccountInformer.Lister() s.SetReadyFunc(func() bool { return serviceAccountInformer.Informer().HasSynced() }) } // ValidateInitialization ensures an authorizer is set. func (s *Plugin) ValidateInitialization() error { if s.client == nil { return fmt.Errorf("missing client") } if s.serviceAccountLister == nil { return fmt.Errorf("missing serviceAccountLister")
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Apr 12 17:49:30 UTC 2024 - 18.6K bytes - Viewed (0) -
api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1alpha1_openapi.json
its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName`...
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 04:18:56 UTC 2024 - 235.4K bytes - Viewed (0) -
api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.json
its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName`...
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 04:18:56 UTC 2024 - 235.7K bytes - Viewed (0)