kubevela

mirror of https://github.com/kubevela/kubevela.git synced 2026-05-22 01:03:27 +00:00

Author	SHA1	Message	Date
github-actions[bot]	87b6c9416e	[Backport release-1.4] Feat: minimize controller privileges & enforce authentication in multicluster e2e test (#4044 ) * Feat: enable auth in multicluster test & restrict controller privileges while enabling authentication Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `fc3fc39eb0`) * Feat: fix statekeep permission leak & comprev cleanup leak Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `eaa317316d`) * Fix: use user info in ref-object select Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `67463d13fe`) * Feat: set legacy-rt-gc to disabled by default Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `77f1fc4286`) * Fix: pending healthscope with authentication test Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `c21ae8ac6a`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-05-28 01:27:35 +08:00
Xiangbo Ma	fc078bbd93	Feat: extend apply-once to allow specified path configuration to drift (#3899 ) Signed-off-by: fourierr <maxiangboo@qq.com>	2022-05-17 16:29:16 +08:00
Somefive	2d28fb35eb	Feat: multi-cluster authentication (#3713 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-04-24 14:48:26 +08:00
Sunghoon Kang	1300a980f0	Feat: reconcile app with scoped permissions (#3434 ) * Refactor: refactor multi cluster round trippers Before adding more RoundTrippers, it would be better to expose common logic in the utility package. This commit exports `tryCancelRequest` at `utils` package, and make `secretMultiClusterRoundTripper` implement `RoundTripperWrapper` interface to allow chaining multiple round trippers. Refs #3432 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Feat: reconcile app with scoped permissions Currently, all Application resources are reconciled by the Roles bound to the controller service account. This behavior gives us the power to manage resources across multiple namespaces. However, this behavior can be problematic in the soft-multitenancy environment. This commit adds `serviceAccountName` to ApplicationSepc to reconcile Application with the given service account for reconciling Application with scoped permissions. Refs #3432 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: extract context setter as method https://github.com/oam-dev/kubevela/pull/3434#discussion_r825561603 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Feat: use annotation instead of spec https://github.com/oam-dev/kubevela/issues/3432#issuecomment-1066460269 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: unify service account setter caller https://github.com/oam-dev/kubevela/pull/3434#discussion_r825853612 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: rename GetServiceAccountName https://github.com/oam-dev/kubevela/pull/3434#discussion_r826514565 Signed-off-by: Sunghoon Kang <hoon@linecorp.com>	2022-03-15 11:55:50 +08:00
Somefive	19424cfaa4	Fix: add state keep for healthy suspend (#3426 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-03-14 14:38:43 +08:00
Somefive	4dc213469a	Feat: add compatibility code for new rt (#2920 ) Signed-off-by: Yin Da <yd219913@alibaba-inc.com>	2021-12-14 21:27:47 +08:00
Somefive	a89bb69a62	Fix: add design docs for ResourceTracker (#2909 ) * Fix: enhance rt logic and add docs Signed-off-by: Yin Da <yd219913@alibaba-inc.com> * Fix: test conflict Signed-off-by: Yin Da <yd219913@alibaba-inc.com>	2021-12-13 19:41:42 +08:00
Somefive	b622cbdb7f	Feat: ResourceTracker new architecture (#2849 ) * Feat: new rt Signed-off-by: Yin Da <yd219913@alibaba-inc.com> * Fix: add publish version Signed-off-by: Yin Da <yd219913@alibaba-inc.com>	2021-12-10 15:00:03 +08:00

8 Commits