github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
111,339 Commits 1 Branch 31 Tags
003fbae25bf4c76b8b71d56206b51e1ee6e80812
Commit Graph

1152 Commits

Author SHA1 Message Date
aimuz
bd441d0a58 Fixed: 22422 use singleflight to alleviate simultaneous calls to 
Signed-off-by: aimuz <mr.imuz@gmail.com>
 2022-10-22 00:16:27 +08:00
danishprakash
f10f4d372c pv_controller: update tests for multiple storageclasses 
Signed-off-by: danishprakash <grafitykoncept@gmail.com>
 2022-10-19 09:33:44 +05:30
danishprakash
f12325add3 pkg/admission/storageclass: pick random storageclass if >1 present 
Signed-off-by: danishprakash <grafitykoncept@gmail.com>
 2022-10-19 09:30:48 +05:30
cndoit18
ec43037d0f style: remove redundant judgment 
Signed-off-by: cndoit18 <cndoit18@outlook.com>
 2022-08-25 12:07:36 +08:00
Davanum Srinivas
9bbf01bae9 Remove references to openstack and cinder 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-08-22 16:43:14 -04:00
Roman Bednar
42b24b7baf move storage class helpers to utils 2022-08-02 20:52:04 +02:00
Davanum Srinivas
a9593d634c Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-07-26 13:14:05 -04:00
Abirdcfly
00b9ead02c cleanup: remove duplicate import 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
 2022-07-14 11:25:19 +08:00
kidddddddddddddddddddddd
60b18fbf9d ingressclass 2022-07-11 09:48:45 +08:00
wangyysde
ab66a38194 PodSecurity: promote config and feature gate to GA 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2022-06-15 09:29:47 +08:00
Wojciech Tyczyński
f8211d7e44 Fix ResourceQuota admission shutdown 2022-05-23 12:34:50 +02:00
Jordan Liggitt
410ac59c0d Remove PodSecurityPolicy admission plugin 2022-05-04 16:00:56 -04:00
Tim Allclair
bdebc62d49 Don't add audit annotations directly to the audit event 2022-03-28 17:03:53 -07:00
Kubernetes Prow Robot
c239b406f0 Merge pull request #108929 from gnufied/move-expansion-feature-gate-ga 
Move all volume expansion feature gates to GA
 2022-03-25 18:08:16 -07:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Kubernetes Prow Robot
2d46f1bc30 Merge pull request #103062 from ikeeip/component_helper_storage 
Move volume helpers to "k8s.io/component-helpers/storage/volume".
 2022-03-23 13:21:20 -07:00
Monis Khan
fef7d0ef1e webhook: use rest.Config instead of kubeconfig file as input 
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-17 20:47:42 -04:00
Paco Xu
acd696266e mark PodOverhead to GA in v1.24; remove in v1.26 2022-03-17 09:30:14 +08:00
Konstantin Misyutin
1d7cefe9c4 Move volume helpers to "k8s.io/component-helpers/storage/volume". 
This patch aims to simplify decoupling "pkg/scheduler/framework/plugins"
from internal "k8s.io/kubernetes" packages. More described in
issue #89930 and PR #102953.

Some helpers from "k8s.io/kubernetes/pkg/controller/volume/persistentvolume"
package moved to "k8s.io/component-helpers/storage/volume" package:

- IsDelayBindingMode
- GetBindVolumeToClaim
- IsVolumeBoundToClaim
- FindMatchingVolume
- CheckVolumeModeMismatches
- CheckAccessModes
- GetVolumeNodeAffinity

Also "CheckNodeAffinity" from "k8s.io/kubernetes/pkg/volume/util"
package moved to "k8s.io/component-helpers/storage/volume" package
to prevent diamond dependency conflict.

Signed-off-by: Konstantin Misyutin <konstantin.misyutin@huawei.com>
 2022-03-16 15:43:09 +08:00
Kubernetes Prow Robot
7c6f09e4b0 Merge pull request #106565 from kerthcet/feature/addd-several-testcases-to-cover-priority-admission 
add several testcases to cover PriorityClass admission veeifications
 2022-03-03 10:43:48 -08:00
Kubernetes Prow Robot
24e5d1fdb7 Merge pull request #107432 from denkensk/graduate-nonpreemptingpriority-to-ga 
Graduate NonPreemptingPriority to GA
 2022-02-08 11:05:03 -08:00
Alex Wang
541907334e graduate nonpreemptingpriority to ga 2022-02-08 18:11:23 +08:00
Hemant Kumar
4d956f053a Fix bug with node restriction blocking pvc.status.resizestatus change 2022-01-21 10:03:26 -05:00
Davanum Srinivas
9682b7248f OWNERS cleanup - Jan 2021 Week 1 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-01-10 08:14:29 -05:00
prateekpandey14
f9cf14f3f6 fix static check of importing the same package multiple times 
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
 2021-12-14 11:06:44 +05:30
Davanum Srinivas
9405e9b55e Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
kerthcet
cc999f69e7 add several testcases to cover PriorityClass admission veeifications 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2021-11-20 15:12:09 +08:00
Konstantin Misyutin
808c8f42d5 Remove StorageObjectInUseProtection feature gate logic 
This feature has graduated to GA in v1.11 and will always be
enabled. So no longe need to check if enabled.

Signed-off-by: Konstantin Misyutin <konstantin.misyutin@huawei.com>
 2021-11-03 00:13:50 +03:00
Jordan Liggitt
1bff65e6f8 PodSecurity: benchmark large numbers of owned pods 2021-11-02 08:43:27 -04:00
Tim Allclair
6c273020d3 [PodSecurity] Avoid the LegcayRegistry for metrics serving 2021-11-01 14:23:00 -07:00
Tim Allclair
e46928c0b1 [PodSecurity] Fix up metrics & add tests 
Update pod security metrics to match the spec in the KEP.
 2021-11-01 14:11:19 -07:00
Kubernetes Prow Robot
c592bd40f2 Merge pull request #105609 from pohly/generic-ephemeral-volume-ga 
generic ephemeral volume GA
 2021-10-28 17:36:50 -07:00
Alkaid
ae9ca48f01 [PodSecurity] Implement metricRecorder for admission (#104217) 
* init

Signed-off-by: jyz0309 <45495947@qq.com>

go fmt

Signed-off-by: jyz0309 <45495947@qq.com>

remove useless code

Signed-off-by: jyz0309 <45495947@qq.com>

add metrics.Attributes interface

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

go fmt code

Signed-off-by: jyz0309 <45495947@qq.com>

resolve import cycle

Signed-off-by: jyz0309 <45495947@qq.com>

fix comment

Signed-off-by: jyz0309 <45495947@qq.com>

fix lints

Signed-off-by: jyz0309 <45495947@qq.com>

fix build error

Signed-off-by: jyz0309 <45495947@qq.com>

fix test

Signed-off-by: jyz0309 <45495947@qq.com>

try

Signed-off-by: jyz0309 <45495947@qq.com>

* try to compare version

Signed-off-by: jyz0309 <45495947@qq.com>

fix conflict

Signed-off-by: jyz0309 <45495947@qq.com>

remove unuse change

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* fix import error

Signed-off-by: jyz0309 <45495947@qq.com>

fix import

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* format code

Signed-off-by: jyz0309 <45495947@qq.com>

* remove exempt and error record

Signed-off-by: jyz0309 <45495947@qq.com>

* ignore pod

Signed-off-by: jyz0309 <45495947@qq.com>

* add decision default value

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* remore useless import

Signed-off-by: jyz0309 <45495947@qq.com>

* remove policy vaild check

Signed-off-by: jyz0309 <45495947@qq.com>

use init to register metric

Signed-off-by: jyz0309 <45495947@qq.com>

fix test

Signed-off-by: jyz0309 <45495947@qq.com>

remove check

Signed-off-by: jyz0309 <45495947@qq.com>

remove blank line

Signed-off-by: jyz0309 <45495947@qq.com>

add allowedImports

Signed-off-by: jyz0309 <45495947@qq.com>

Add mock recorder

Signed-off-by: jyz0309 <45495947@qq.com>

format code

Signed-off-by: jyz0309 <45495947@qq.com>

separe record into 3 function

Signed-off-by: jyz0309 <45495947@qq.com>

* fix comment

Signed-off-by: jyz0309 <45495947@qq.com>
 2021-10-20 20:02:08 -07:00
Patrick Ohly
a8c930ef46 generic ephemeral volume: graduation to GA 
The feature gate gets locked to "true", with the goal to remove it in two
releases.

All code now can assume that the feature is enabled. Tests for "feature
disabled" are no longer needed and get removed.

Some code wasn't using the new helper functions yet. That gets changed while
touching those lines.
 2021-10-11 20:54:20 +02:00
Jordan Liggitt
77d65dca44 PodSecurity: add namespace update verify benchmark 2021-10-04 12:26:30 -04:00
Jordan Liggitt
13e0887c4c PodSecurity: add admission benchmark 
go test ./plugin/pkg/admission/security/podsecurity -bench /pod -benchmem
goos: darwin
goarch: amd64
pkg: k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
BenchmarkVerifyPod/enforce-implicit_pod-12         	  702789	      1585 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-privileged_pod-12       	  737588	      1607 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-baseline_pod-12         	  409818	      2974 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-restricted_pod-12       	  370262	      3385 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-baseline_pod-12            	  391808	      3101 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-restricted_pod-12          	  349411	      3452 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12         	  208221	      5735 ns/op	    5864 B/op	      27 allocs/op
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12      	  249662	      4849 ns/op	    4616 B/op	      22 allocs/op
PASS
ok  	k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity	10.707s
 2021-09-21 16:20:11 -04:00
Kubernetes Prow Robot
353f0a5eab Merge pull request #105095 from wojtek-t/migrate_clock_3 
Unify towards k8s.io/utils/clock - part 3
 2021-09-20 12:46:45 -07:00
wojtekt
d9b08c611d Migrate to k8s.io/utils/clock 2021-09-17 15:19:08 +02:00
Madhav Jivrajani
b05b9ecbef replace package realClock impl. with clock.RealClock 
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-09-14 20:56:57 +05:30
Kubernetes Prow Robot
1a845ccd07 Merge pull request #103603 from mengjiao-liu/update-ingress-to-v1 
Promote `ingressclass.kubernetes.io/is-default-class` annotation to networking/v1
 2021-08-24 20:24:39 -07:00
Stephen Augustus
481cf6fbe7 generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2021-08-24 15:47:49 -04:00
Jordan Liggitt
47859b7781 Ensure serviceaccount admission produces v1 Pod matching defaults after round-trip 2021-08-23 11:32:10 -04:00
Jordan Liggitt
ccbdf041a2 Fix slice type comparison bug 2021-08-18 11:30:34 -04:00
Davanum Srinivas
26cc8e40a8 fix deadcode issues 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-07-14 08:41:21 -04:00
Mengjiao Liu
792665e1ea Promote ingressclass.kubernetes.io/is-default-class annotation to networking/v1 2021-07-09 15:48:13 +08:00
Davanum Srinivas
79d0c6cdc1 switch from golang-lru to the one in k8s.io/utils 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-07-07 22:31:37 -04:00
Jordan Liggitt
1dfacd3c70 PodSecurity: use code/reason/details from admission library 2021-07-07 16:25:16 -04:00
Tim Allclair
cf6ba6096f Move pod-security-admission to an external Attributes interface 2021-07-06 15:15:15 -07:00
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Shihang Zhang
88b31814f4 BoundServiceAccountTokenVolume ga 2021-05-13 20:45:47 -07:00