kubernetes/plugin/pkg/admission
Anish Ramasekar 7262edeb59
fix(admission): reword NodeRestriction audience authorization error

The previous error message said the audience was "not found in pod
spec volume", which led users to mount a spurious projected service
account token volume in the pod spec to satisfy the check. That is
not the intended remedy: kubelets should be authorized via RBAC to
request tokens for the configured audience.

Reword the error to a generic "is not authorized to request tokens
for audience %q" so users are not pushed toward modifying pod specs.
The valid authorization paths (pod spec volume, CSIDriver tokenRequests,
or the request-serviceaccounts-token-audience verb) are documented
in the kubelet credential provider task page.

Update the unit and integration test expectations to match.
2026-05-13 16:30:51 -07:00
admit hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
alwayspullimages Add ImageVolumeSource API 2024-07-18 17:25:54 +02:00
antiaffinity remove import doc comments 2024-12-02 16:59:34 +01:00
certificates Add the Unconditional prefix to Authorizer and WantsAuthorizer interfaces 2026-05-07 22:22:14 +03:00
defaulttolerationseconds Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
deny hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
eventratelimit Drop meaningless ,inline from json tags 2026-05-13 11:24:04 -04:00
extendedresourcetoleration hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
gc Add the Unconditional prefix to Authorizer and WantsAuthorizer interfaces 2026-05-07 22:22:14 +03:00
imagepolicy remove import doc comments 2024-12-02 16:59:34 +01:00
job remove accidentally committed file 2026-04-04 12:53:30 +05:30
limitranger Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
namespace Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
network chore: depr. pointer pkg replacement for pkg/security and plugin/pkg 2025-07-08 11:22:07 +02:00
nodedeclaredfeatures Switch to bitmapped FeatureSet implementation. 2026-03-13 04:28:16 +00:00
noderestriction fix(admission): reword NodeRestriction audience authorization error 2026-05-13 16:30:51 -07:00
nodetaint hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
podnodeselector Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
podresize add pod resize feasibility check admission plugin 2026-03-17 17:12:31 +00:00
podtolerationrestriction Drop meaningless ,inline from json tags 2026-05-13 11:24:04 -04:00
podtopologylabels Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
priority Add Workload-Aware Preemption fields to Workload and PodGroup APIs 2026-03-24 09:03:50 +01:00
resourcequota Merge pull request #137497 from atombrella/feature/modernize_activate_forvar 2026-03-09 14:01:11 +05:30
runtimeclass fail admission check upon nil/empty overhead map 2024-02-04 21:53:38 -08:00
scheduling/podgroupprotection Add admission plugin for PodGroup to add finalizer to every new object 2026-03-18 15:28:14 +00:00
security drop UserNamespacesPodSecurityStandards feature gate 2025-10-31 14:08:21 -04:00
serviceaccount chore: depr. pointer pkg replacement for pkg/security and plugin/pkg 2025-07-08 11:22:07 +02:00
storage Move dump package from apimachinery to k8s.io/utils 2026-02-12 07:34:19 -05:00
OWNERS Add jpbetz to admission plugin approvers 2023-07-11 15:25:17 -04:00