ContainerImage.Pinniped/internal/concierge
Monis Khan 898f2bf942
impersonator: run as a distinct SA with minimal permissions
This change updates the impersonation proxy code to run as a
distinct service account that only has permission to impersonate
identities.  Thus any future vulnerability that causes the
impersonation headers to be dropped will fail closed instead of
escalating to the concierge's default service account which has
significantly more permissions.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-06-11 12:13:53 -04:00
apiserver certauthority.go: Refactor issuing client versus server certs 2021-03-12 16:09:37 -08:00
impersonator impersonator: run as a distinct SA with minimal permissions 2021-06-11 12:13:53 -04:00
scheme Remove metav1.ExportOptions from scheme tests. 2021-04-09 13:00:50 -05:00
server dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00