1104 Commits

Author SHA1 Message Date
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Shihang Zhang
88b31814f4 BoundServiceAccountTokenVolume ga 2021-05-13 20:45:47 -07:00
Kubernetes Prow Robot
d51f15ed0d
Merge pull request #100885 from enj/enj/i/auth_owners
Update sig-auth OWNERS
2021-04-12 22:18:49 -07:00
Monis Khan
bca4993004
Update auth OWNERS files to only use aliases
Signed-off-by: Monis Khan <mok@vmware.com>
2021-04-07 10:46:03 -04:00
Niekvdplas
fec272a7b2 Fixed several spelling mistakes 2021-03-30 23:02:09 +02:00
Kubernetes Prow Robot
5498ee641b
Merge pull request #99561 from BenTheElder/remove-bazel
Remove Bazel
2021-03-01 09:55:27 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Jordan Liggitt
ec4d1b3821 Skip visiting empty secret and configmap names 2021-02-27 15:54:38 -05:00
Kubernetes Prow Robot
267e47f548
Merge pull request #99130 from ayberk/ebs_ga_labels
Use GA topology labels for EBS
2021-02-23 23:48:49 -08:00
Ayberk Yilmaz
339b8b450f Use GA topology labels for EBS 2021-02-18 00:34:56 +00:00
Michael Beaumont
a5a6762d33
Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis 2021-02-09 21:37:39 +01:00
Kubernetes Prow Robot
34f138ff83
Merge pull request #97823 from Jiawei0227/translation-lib
Preparation for Topology migration to GA for CSI migration
2021-02-02 08:48:28 -08:00
Kubernetes Prow Robot
1119a505ac
Merge pull request #98669 from liggitt/denyexec
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
2021-02-02 06:52:28 -08:00
Jordan Liggitt
3579f88e4d Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission 2021-02-01 16:55:22 -05:00
Kubernetes Prow Robot
3667e0e9f7
Merge pull request #98147 from deads2k/system-masters-delete
add check to gc_admission to allow super users to skip RESTMapping
2021-01-28 17:52:02 -08:00
Kubernetes Prow Robot
24f13032b3
Merge pull request #97395 from thockin/externalips-admission
Add denyserviceexternalips admission (KEP 2200)
2021-01-28 12:33:11 -08:00
David Eads
ff6684d90f add check to gc_admission to allow super users to skip RESTMapping 2021-01-27 16:53:33 -05:00
Jiawei Wang
67fed317a1 Prepare for Topology migration to GA from CSI migration
This also includes a change on CSI migration TranslateCSIToInTree
where we remove the CSI topology and add Kubernetes Topology to
the NodeAffinity
2021-01-20 10:49:58 -08:00
Tim Hockin
a8299079a5 Add denyserviceexternalips admission 2020-12-29 10:00:11 -08:00
Tim Hockin
02b77861ec Move defaultingressclass admission to net subdir 2020-12-28 09:58:30 -08:00
ialidzhikov
bc432124a2 Remove CSINodeInfo feature gate
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2020-12-10 09:58:22 +02:00
Kubernetes Prow Robot
96efb71094
Merge pull request #97020 from mikedanese/errfix
hoist error message change in token registry to noderestriction
2020-12-08 21:06:42 -08:00
Mike Danese
84995167d6 hoist error message change in token registry to noderestriction
The token registry error message was changed in
5eefd7d012 to exclude some object details.
This error comes from noderestriction under some circumstances. Let's
make sure they match.

Change-Id: If9240f5c1a131d27dce389e2c6eca6c33d681f3b
2020-12-02 10:58:25 -08:00
pacoxu
dd3179ee93 AlwaysPullImages: ignore updates that don't change the images referenced by the pod spec
Signed-off-by: pacoxu <paco.xu@daocloud.io>
2020-12-01 06:59:57 +08:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Tim Hockin
819ff9b087
Use topology labels instead of old beta names (#96033)
* Rename const for topology.../zone

* Rename const for topology.../region

* Rename const for failure-domain.../zone

* Rename const for failure-domain.../region

* Restore old names for compat
2020-11-05 20:26:50 -08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
cici37
95acec5a3b Move client_builder to k8s.io/controller-manager 2020-10-19 14:48:22 -07:00
shuang zhang
f0ea54070b Replace AreLabelsInWhiteList with isSubset 2020-10-05 22:07:47 +08:00
Kubernetes Prow Robot
ccfdc09f35
Merge pull request #91683 from tedyu/mirror-pod-owner-ref
Mirror pod without OwnerReference should not be created
2020-09-25 11:02:48 -07:00
Kubernetes Prow Robot
e7b9453972
Merge pull request #93537 from timuthy/enhancement.move-resourcequota
Move ResourceQuota admission to k8s.io/apiserver lib
2020-09-15 12:26:58 -07:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Tim Usner
70d440bc7e Move ResourceQuota admission to k8s.io/apiserver 2020-09-04 14:53:52 +02:00
Kubernetes Prow Robot
bb9ae50888
Merge pull request #93389 from fisherxu/return-err
Return err directly when nodename in node object is not consistent with in cert
2020-08-28 06:37:12 -07:00
xufei 00416946
f787db2508 return err directly when nodename is not consistent in cert 2020-07-25 09:10:32 +08:00
Patrick Ohly
c05c8e915b GenericEphemeralVolume: feature gate, API, documentation
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
2020-07-09 11:02:59 +02:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
2020-07-06 09:13:25 +01:00
Alex Wang
209117413f
Promote NonPreempt feature gate to beta (#91899)
* update nonpreempt featuregate to beta

* update
2020-06-30 00:02:56 -07:00
Kubernetes Prow Robot
71c352dee3
Merge pull request #87582 from mrueg/ptr
PodTolerationRestriction: Mention Whitelist Scope in Error
2020-06-29 13:07:59 -07:00
Shihang Zhang
613a712717 default to add projected fstype in psp when boundedserviceaccounttoken is enabled 2020-06-24 09:09:27 -07:00
Ted Yu
9f95fdd3cd Mirror pod without OwnerReference should not be created
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
2020-06-21 08:00:17 -07:00
Christopher M. Luciano
92506a98fc
ingress: Update IngressClass feature and admission controller for v1
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-06-17 12:11:31 -04:00
Jordan Liggitt
db4ca87d9d Switch CSR approver/signer/cleaner controllers to v1 2020-06-05 18:45:34 -04:00
Jordan Liggitt
0e062981d1 Detect PSP enablement more accurately 2020-06-03 13:14:19 -04:00
Jordan Liggitt
7049149181 Generated files 2020-05-28 16:53:23 -04:00
Jordan Liggitt
377adfa2b7 Make signer admission plugin check on condition update 2020-05-28 12:20:40 -04:00
Kubernetes Prow Robot
9f5d9a9bef
Merge pull request #91315 from jherrera123/master
Fix runtime admission flaky test due to race condition
2020-05-22 10:45:11 -07:00
Jesus Herrera
a5800ab4cb Fix linter and bazel errors 2020-05-21 23:06:56 -04:00
Jesus Herrera
6b8e2cc24e Fix runtime admission flaky test due to race condition 2020-05-20 20:29:51 -04:00