We now partly drop the support for seccomp annotations which is planned
for v1.25 as part of the KEP:
https://github.com/kubernetes/enhancements/issues/135
Pod security policies are not touched by this change and therefore we
have to keep the annotation key constants.
This means we only allow the usage of the annotations for backwards
compatibility reasons while the synchronization of the field to
annotation is no longer supported. Using the annotations for static pods
is also not supported any more.
Making the annotations fully non-functional will be deferred to a
future release.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Refactor common validation into methods that validate a single container
and call these methods when iterating the three types of container
lists. Move initContainer-specific validation from validateContainers to
validateInitContainers.
This resolves issues where init and ephemeral containers would return
duplicate or incorrectly formatted errors for problems detected by
validateContainers.
Adds missing tests based on KUBE_COVER and checks that errors returned
by validation are of the type and for the field expected. Fixes tests
that had multiple errors so later failures aren't masked if there's
a regression in only one of the errors.
This introduces no changes to unit tests other than to switch from
map-based to struct-based tables in TestValidateContainers and
TestValidateInitContainers in order to make diffs for later commits
easier to read.
At present the CSI spec secret name validation for ControllerPublish,
ControllerExpand, NodePublish secrets are performed against
ValidateDNS1123Label() and it causes the secret name validation
inside the CSI spec to go wrong if the secret name is more than 63 chars.
Kubernetes allow the secret object name to be on `DNS SubDomainName`
and having a secret name length between 0-253 is correct/valid. So the CSI
spec validation also has to be performed accordingly.
This commit address this issue in validation for above mentioned funcs.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
* restructure tests
restructure TestValidateStatefulSet and TestValidateStatefulSetUpdate to be an array and accept list of expected errors. in this commits, no tests were changed and expected errors are not filled yet
* add expected errors
adding expected errors and making the tests pass, without making any changes to the tests
* clean up TestValidateStatefulSet error cases
* clean up TestValidateStatefulSetUpdate cases
* validate new statefulset as part of update validation
* address PR comments
considering many PV sources exist today with secretRef fields
this introduce a secretRef validation function which could be
used based on the pv spec source type. There are different field
restrictions exist today for these PV types like some of them
dont need namespace reference..etc. The PV spec validation has
to be adjusted for different PVs, but this commit try to make
use of this newly introduced secretRef validation function for
CSI volume source.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
CSI spec 1.5 enhanced the spec to add optional secrets field to
NodeExpandVolumeRequest. This commit adds NodeExpandSecret to the
CSI PV source and also derive the expansion secret in csiclient to
send it out as part of the nodeexpand request.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Signed-off-by: zhucan <zhucan.k8s@gmail.com>
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type
Introduce networking/v1alpha1 api group.
Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
* Change ClusterCIDRConfig.NodeSelector type in api
* Fix review comments for API
* Update ClusterCIDRConfig API Spec
Introduce PerNodeHostBits field, remove PerNodeMaskSize
* Add FeatureGate PodHostIPs
* Add HostIPs field and update PodIPs field
* Types conversion
* Add dropDisabledStatusFields
* Add HostIPs for kubelet
* Add fuzzer for PodStatus
* Add status.hostIPs in ConvertDownwardAPIFieldLabel
* Add status.hostIPs in validEnvDownwardAPIFieldPathExpressions
* Downward API support for status.hostIPs
* Add DownwardAPI validation for status.hostIPs
* Add e2e to check that hostIPs works
* Add e2e to check that Downward API works
* Regenerate
Default to enabled
Fix validation of null-updates/patches when the "old" PVC was persisted by
an older version. Add upgrade integration tests written by liggitt.
