Skip to content

Commit

Permalink
Merge pull request #91921 from mtaufen/said-beta
Browse files Browse the repository at this point in the history 
Graduate ServiceAccountIssuerDiscovery to beta
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot committed Sep 12, 2020
2 parents a33f6b4 + 4f850f9 commit 2cb951d
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 1 deletion.
3 changes: 2 additions & 1 deletion pkg/features/kube_features.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,7 @@ const (

// owner: @mtaufen
// alpha: v1.18
// beta: v1.20
//
// Enable OIDC discovery endpoints (issuer and JWKS URLs) for the service
// account issuer in the API server.
Expand Down Expand Up @@ -682,7 +683,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
TokenRequest: {Default: true, PreRelease: featuregate.Beta},
TokenRequestProjection: {Default: true, PreRelease: featuregate.Beta},
BoundServiceAccountTokenVolume: {Default: false, PreRelease: featuregate.Alpha},
ServiceAccountIssuerDiscovery: {Default: false, PreRelease: featuregate.Alpha},
ServiceAccountIssuerDiscovery: {Default: true, PreRelease: featuregate.Beta},
CRIContainerLogRotation: {Default: true, PreRelease: featuregate.Beta},
CSIMigration: {Default: true, PreRelease: featuregate.Beta},
CSIMigrationGCE: {Default: false, PreRelease: featuregate.Beta}, // Off by default (requires GCE PD CSI Driver)
Expand Down
17 changes: 17 additions & 0 deletions plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-role-bindings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,23 @@ items:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:unauthenticated
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: null
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:service-account-issuer-discovery
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:service-account-issuer-discovery
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
Expand Down
15 changes: 15 additions & 0 deletions plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1220,6 +1220,21 @@ items:
- /version/
verbs:
- get
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: null
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:service-account-issuer-discovery
rules:
- nonResourceURLs:
- /.well-known/openid-configuration
- /openid/v1/jwks
verbs:
- get
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
Expand Down

0 comments on commit 2cb951d

Please sign in to comment.