Commit Graph

13531 Commits

Author SHA1 Message Date
Ben Swartzlander
00dba76918 Add DataSourceRef field to PVC spec
Modify the behavior of the AnyVolumeDataSource alpha feature gate to enable
a new field, DataSourceRef, rather than modifying the behavior of the
existing DataSource field. This allows addition of Volume Populators in a way
that doesn't risk breaking backwards compatibility, although it will
result in eventually deprecating the DataSource field.
2021-07-06 21:17:41 -04:00
Kubernetes Prow Robot
642f42d62b Merge pull request #103364 from aramase/check-privileged
[PodSecurity] Add privileged containers baseline check
2021-06-30 16:11:48 -07:00
Kubernetes Prow Robot
0dad7d1c47 Merge pull request #103318 from jpbetz/fix-102749
Bump SMD to v4.1.2 to pick up #102749 fix
2021-06-30 14:03:03 -07:00
Anish Ramasekar
5bd3334ad6 [PodSecurity] Add privileged containers baseline check
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2021-06-30 16:39:28 -04:00
Joe Betz
b790cf388c Bump SMD to v4.1.2 to pick up #102749 fix 2021-06-30 12:06:35 -07:00
Kubernetes Prow Robot
60ea3b6d52 Merge pull request #103325 from njuptlzf/psp-sysctls
[PodSecurity] Implement sysctls check
2021-06-30 11:50:07 -07:00
Kubernetes Prow Robot
0ccdc4afc3 Merge pull request #103315 from sejr/test-psp-hostPath
[Pod Security] HostPath baseline check
2021-06-30 11:49:54 -07:00
Kubernetes Prow Robot
4dc82f94ed Merge pull request #103314 from PushkarJ/psp-hostports
[PodSecurity] Implement host ports check
2021-06-30 11:49:41 -07:00
Kubernetes Prow Robot
a6ef76157b Merge pull request #102623 from vazmin/bug-cli-string-slice-flag
fix bug where string slice flag is not assigned
2021-06-30 11:49:28 -07:00
Kubernetes Prow Robot
f962166f30 Merge pull request #100339 from p0lyn0mial/upstream-delegated-authz-metrics
adds metrics for delegated authz
2021-06-30 11:49:16 -07:00
Kubernetes Prow Robot
98d20f552b Merge pull request #99378 from mattcary/api
StatefulSet PersistentVolumeClaimDeletePolicy
2021-06-30 11:49:03 -07:00
Kubernetes Prow Robot
044fd6fdf6 Merge pull request #99829 from palnabarun/migrate-to-go-embed
Replace go-bindata with //go:embed
2021-06-30 10:37:03 -07:00
Pushkar Joglekar
d57e143277 [PodSecurity] Implement host ports check
Applies to baseline policy. Since host ports is
a niche feature, usage of any host ports is
forbidden for either app container or init container

Refactored two fixtures into one for non-host ports in app container and init container

Fixes based on PR feedback
- remove no-op if check,
- use correct Int32 list for hostPort
- remove ensureHostPorts func

Removed redundant fixtures as per PR feedback

Removed minimal valid pod

Updates after gofmt
2021-06-30 09:26:22 -07:00
njuptlzf
1ac0e018d5 [PodSecurity] Implement sysctls check 2021-06-30 21:53:20 +08:00
Kubernetes Prow Robot
b3cc522b53 Merge pull request #103281 from makusu2/patch-1
Fix grammar
2021-06-30 05:41:03 -07:00
Lukasz Szaszkiewicz
4a2aef00d6 adds metrics for authorization webhook 2021-06-30 09:26:25 +02:00
Samuel Roth
1441a33030 hostPath baseline check for Pod Security Standards
graduate IngressClassNamespacedParams to beta

add fuzzer patch to fix tests

Destroy the created runtimeclass resources at the end of the test case.

addressing comments

don't ensure security context
2021-06-30 00:19:01 -04:00
Samuel Roth
71cb2d71a8 podsecurity: add baseline hostNamespace check
less repetitive detail

don't ensure security context

minor doc fix

fixing keys
2021-06-29 23:11:32 -04:00
Kubernetes Prow Robot
e0f66be1aa Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score
Add score func for NodeResourcesFit plugin
2021-06-29 13:42:20 -07:00
Kubernetes Prow Robot
92726bf0f3 Merge pull request #103248 from sttts/sttts-crd-converison-test
apiextension: fix typo and test case in conversion integration test
2021-06-29 11:20:03 -07:00
Kubernetes Prow Robot
dae03ba921 Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics
adds metrics for delegated authn
2021-06-29 11:19:38 -07:00
yuzhiquan
deb14b995a Add score plugin for NodeResourcesFit 2021-06-29 13:16:55 -04:00
Kubernetes Prow Robot
01819dd322 Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode
ReadWriteOncePod access mode for PVs and PVCs
2021-06-29 10:04:40 -07:00
Dr. Stefan Schimanski
903d76f558 apiextension: fix typo and test case in conversion integration test 2021-06-29 11:03:24 +02:00
Nabarun Pal
43c2e454a0 hack: remove bindata generation logic for translations
also, remove generated bindata

Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 13:36:28 +05:30
Nabarun Pal
eb75b34394 kubectl: use embedded translations instead of generated bindata
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 13:36:27 +05:30
Nabarun Pal
5ece28b77a kubectl: move translations to i18n package to kubectl staging directory
Go 1.16's embed directive doesn't allow embedding files from parent
directories. Hence, moving the translations data to inside the i18n package.

Logically speaking as well, kubectl related artifacts should be inside
the kubectl package.

Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 13:36:26 +05:30
Lukasz Szaszkiewicz
322c18c147 adds metrics for authentication webhook 2021-06-29 09:49:14 +02:00
Kubernetes Prow Robot
adf561fb96 Merge pull request #96699 from tengqm/kubelet-config-norm
Tweak kubelet config comments for consistency and readability
2021-06-28 23:26:40 -07:00
Chris Henzie
5f98f6cfa4 Update helper methods to print and parse ReadWriteOncePod access mode 2021-06-28 21:25:37 -07:00
Chris Henzie
48ba5020a2 ReadWriteOncePod PV access mode and feature gate 2021-06-28 21:25:35 -07:00
Chris Henzie
358d2e0bd1 Export contains access mode helper method
Will be used during validation of PVs and PVCs
2021-06-28 21:24:56 -07:00
zhiming
ab4918b6bc remove redundant clause in string_slice_flag 2021-06-29 09:09:08 +08:00
Steven Pitts
c21f9cb59d Fix grammar
Original:

> This handler will lookup the owner of the given Deployment, and if it is owned by a Foo resource will enqueue that Foo resource for processing.

Fixed:

> This handler will lookup the owner of the given Deployment, and if it is owned by a Foo resource then the handler will enqueue that Foo resource for processing.
2021-06-28 19:18:22 -04:00
Jordan Liggitt
6f9011a4ae PodSecurity: vendor: generated files
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:46:00 -04:00
Jordan Liggitt
b8bdcf6441 PodSecurity: update dependencies 2021-06-28 17:46:00 -04:00
Jordan Liggitt
724fbfbb69 PodSecurity: test: generate fixture data 2021-06-28 17:46:00 -04:00
Jordan Liggitt
93c6f8969a PodSecurity: check: addCapabilities 2021-06-28 17:45:59 -04:00
Jordan Liggitt
3733e209c9 PodSecurity: check: allowPrivilegeEscalation 2021-06-28 17:45:36 -04:00
Jordan Liggitt
a8206ef58b PodSecurity: check: runAsNonRoot 2021-06-28 17:45:36 -04:00
Jordan Liggitt
12ea930aae PodSecurity: check: selinux
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:36 -04:00
Tim Allclair
02a6187757 PodSecurity: admission: admission library
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
29f5ebf1fe PodSecurity: test: framework 2021-06-28 17:45:35 -04:00
Tim Allclair
1436d35779 PodSecurity: policy: registry
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
5183ea0bf0 PodSecurity: metrics: stub interface
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
a3ba921b16 PodSecurity: admission/api: configuration API
Admission configuration:
- user, namespace, runtimeclass exemptions
- default policy levels and versions
- defaulting
- load and serialization helpers

Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:34 -04:00
Tim Allclair
9ce17c8773 PodSecurity: api: runtime API
Label keys, values, and parsing helper functions

Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:34 -04:00
Kubernetes Prow Robot
556f8500ff Merge pull request #102859 from MikeSpreitzer/add-r-metrics
Add APF metrics about R(t)
2021-06-28 11:40:28 -07:00
Kubernetes Prow Robot
cd5d3e690e Merge pull request #103153 from josephburnett/v2beta2
Move HPA v2beta2 deprecation to 1.23.
2021-06-28 10:33:25 -07:00
Kubernetes Prow Robot
5e06f173fb Merge pull request #98866 from wzshiming/fix/termination_grace_period_seconds_is_negative
Fix TerminationGracePeriodSeconds is negative (part 1)
2021-06-28 07:59:25 -07:00