-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Node authorizer and NodeRestriction admission in kubemark #46921
Enable Node authorizer and NodeRestriction admission in kubemark #46921
Conversation
Yeah, I know the issue, will fix on monday |
5b9baff
to
1d98554
Compare
@liggitt - BIG thanks for this change! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gmarek, liggitt Associated issue: 279 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Adding 1.7. We need this test coverage to test scalability of node auth. |
/retest |
Automatic merge from submit-queue (batch tested with PRs 46441, 43987, 46921, 46823, 47276) |
xref kubernetes/enhancements#279
We want to ensure scale testing covers use of the authorizer/admission pair that partitions nodes. This includes enabling the authorizer, which populates a graph of existing nodes and pods.
Kubemark is still running all nodes with a single credential, so a follow-up step is to generate unique credentials per node (or enable TLS bootstrapping) and remove the temporary rolebinding added in this PR so the node authorizer is the one authorizing each call by a hollow node.