- Sort Score
- Result 10 results
- Languages All
Results 101 - 110 of 256 for authorizer (0.29 sec)
-
cmd/kubeadm/app/constants/constants.go
ModeABAC string = "ABAC" // ModeWebhook is the mode to make an external webhook call to authorize ModeWebhook string = "Webhook" // ModeRBAC is the mode to use Role Based Access Control to authorize ModeRBAC string = "RBAC" // ModeNode is an authorization mode that authorizes API requests made by kubelets. ModeNode string = "Node" // PauseVersion indicates the default pause image version for kubeadm
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jun 01 03:36:35 UTC 2024 - 32.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go
varOpts = append(varOpts, createVariableOpts(types.params, plugincel.ParamsVarName)...) } // authorizer, implicitly available to all expressions of a policy if hasAuthorizer { // we only need its structure but not the variable itself varOpts = append(varOpts, cel.Variable("authorizer", library.AuthorizerType)) } return baseEnv.Extend( environment.VersionedOptions{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 15.3K bytes - Viewed (0) -
cmd/kubeadm/app/cmd/phases/init/kubeletfinalize.go
if !ok { return errors.Errorf("the file %q does not contain authentication for user %q", kubeconfigPath, cfg.NodeRegistration.Name) } // Update the client certificate and key of the node authorizer to point to the PEM symbolic link. info.ClientKeyData = []byte{} info.ClientCertificateData = []byte{} info.ClientKey = pemPath info.ClientCertificate = pemPath // Writes the kubeconfig back to disk.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Apr 23 10:54:51 UTC 2024 - 6.8K bytes - Viewed (0) -
security/pkg/server/ca/node_auth.go
clusterID := kubeauth.ExtractClusterID(ctx) na := m.component.ForCluster(clusterID) if na == nil { return fmt.Errorf("no node authorizer for cluster %v", clusterID) } return (*na).authenticateImpersonation(caller, requestedIdentityString) } // ClusterNodeAuthorizer is a component that implements a subset of Kubernetes Node Authorization
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 28 16:41:38 UTC 2024 - 6.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/audit" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager" "k8s.io/apiserver/pkg/endpoints/handlers/finisher" requestmetrics "k8s.io/apiserver/pkg/endpoints/handlers/metrics"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 28.5K bytes - Viewed (0) -
security/pkg/server/ca/node_auth_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Feb 28 16:41:38 UTC 2024 - 10.5K bytes - Viewed (0) -
pkg/kubeapiserver/options/authentication.go
if o.Anonymous.Allow && sets.NewString(authorization.Modes...).Has(authzmodes.ModeAlwaysAllow) { klog.Warningf("AnonymousAuth is not allowed with the AlwaysAllow authorizer. Resetting AnonymousAuth to false. You should use a different authorizer") o.Anonymous.Allow = false } } func (o *BuiltInAuthenticationOptions) validateOIDCOptions() []error { var allErrors []error
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 22:40:22 UTC 2024 - 32.4K bytes - Viewed (0) -
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/apiserver.go
c.GenericConfig.AdmissionControl, establishingController, c.ExtraConfig.ServiceResolver, c.ExtraConfig.AuthResolverWrapper, c.ExtraConfig.MasterCount, s.GenericAPIServer.Authorizer, c.GenericConfig.RequestTimeout, time.Duration(c.GenericConfig.MinRequestTimeout)*time.Second, apiGroupInfo.StaticOpenAPISpec, c.GenericConfig.MaxRequestBodyBytes, ) if err != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Oct 19 14:31:43 UTC 2023 - 11.5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
allErrs := field.ErrorList{} if len(c.Authorizers) == 0 { allErrs = append(allErrs, field.Required(fldPath.Child("authorizers"), "at least one authorization mode must be defined")) } seenAuthorizerTypes := sets.NewString() seenAuthorizerNames := sets.NewString() for i, a := range c.Authorizers { fldPath := fldPath.Child("authorizers").Index(i) aType := string(a.Type) if aType == "" {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 31.3K bytes - Viewed (0) -
cmd/kubeadm/app/cmd/phases/join/kubelet.go
// runKubeletStartJoinPhase executes the kubelet TLS bootstrap process. // This process is executed by the kubelet and completes with the node joining the cluster // with a dedicates set of credentials as required by the node authorizer func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) { cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c) if err != nil { return err } data, ok := c.(JoinData)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jun 01 07:10:31 UTC 2024 - 10.3K bytes - Viewed (0)