kubevela

mirror of https://github.com/kubevela/kubevela.git synced 2026-03-05 19:22:03 +00:00

Author	SHA1	Message	Date
github-actions[bot]	e20ef02a6a	[Backport release-1.4] Feat: enhance controller auth by removing useless features & add authentication for componentrevision+healthcheck (#4023 ) * Feat: use application identity in gc & componentrevision & collectHealthStatus Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `63fc4bcc69`) * Chore: remove useless features and roles Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `f4ef77b2b3`) * Fix: remove DELETE from mutating webhook Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `75f3d5dc35`) * Chore: enhance deploy error display Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `e69079bdae`) * Fix: e2e test vela cli output match & controllerrevision recycle for serviceaccount impersonation Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `05b85573a2`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-05-27 16:00:04 +08:00
github-actions[bot]	eb386ce9f7	Feat: support impersonation for application in apiserver (#4000 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit `10dc83b60a`) Co-authored-by: Somefive <yd219913@alibaba-inc.com>	2022-05-26 16:55:09 +08:00
Somefive	cb5630af48	Fix: enhance grant privileges output (#3962 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-05-24 14:31:32 +08:00
Somefive	7976b32ba4	Fix: grant privilege readonly incorrect binding (#3953 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-05-23 17:23:08 +08:00
Somefive	c5b28cb4b3	Feat: vela auth grant-privileges (#3943 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-05-23 10:47:13 +08:00
Somefive	12ec62dd65	Feat: vela auth list-privileges (#3923 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-05-18 20:57:39 +08:00
Somefive	9d6706d48e	Feat: vela auth gen-kubeconfig (#3911 ) * Feat: vela create kubeconfig Signed-off-by: Somefive <yd219913@alibaba-inc.com> * Chore: refactor Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-05-18 16:14:00 +08:00
Somefive	2d28fb35eb	Feat: multi-cluster authentication (#3713 ) Signed-off-by: Somefive <yd219913@alibaba-inc.com>	2022-04-24 14:48:26 +08:00
Sunghoon Kang	1300a980f0	Feat: reconcile app with scoped permissions (#3434 ) * Refactor: refactor multi cluster round trippers Before adding more RoundTrippers, it would be better to expose common logic in the utility package. This commit exports `tryCancelRequest` at `utils` package, and make `secretMultiClusterRoundTripper` implement `RoundTripperWrapper` interface to allow chaining multiple round trippers. Refs #3432 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Feat: reconcile app with scoped permissions Currently, all Application resources are reconciled by the Roles bound to the controller service account. This behavior gives us the power to manage resources across multiple namespaces. However, this behavior can be problematic in the soft-multitenancy environment. This commit adds `serviceAccountName` to ApplicationSepc to reconcile Application with the given service account for reconciling Application with scoped permissions. Refs #3432 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: extract context setter as method https://github.com/oam-dev/kubevela/pull/3434#discussion_r825561603 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Feat: use annotation instead of spec https://github.com/oam-dev/kubevela/issues/3432#issuecomment-1066460269 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: unify service account setter caller https://github.com/oam-dev/kubevela/pull/3434#discussion_r825853612 Signed-off-by: Sunghoon Kang <hoon@linecorp.com> * Refactor: rename GetServiceAccountName https://github.com/oam-dev/kubevela/pull/3434#discussion_r826514565 Signed-off-by: Sunghoon Kang <hoon@linecorp.com>	2022-03-15 11:55:50 +08:00

9 Commits