github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
104,432 Commits 1 Branch 31 Tags 1,019 MiB
275d832ce2
Commit Graph

291 Commits

Author SHA1 Message Date
Mengjiao Liu
275d832ce2 Upgrade preparation to verify sysctl values containing forward slashes by regex 2021-11-04 11:49:56 +08:00
ravisantoshgudimetla
d7d0beb65f api: Handle validation of PodOS field presence 2021-10-28 17:31:52 -04:00
Kubernetes Prow Robot
7fbb384e15
Merge pull request #105682 from pohly/generic-ephemeral-volume-raw-block 
storage validation: accept generic ephemeral volumes as volume device
 2021-10-22 18:04:50 -07:00
Lee Verberne
d33bbb8940 Allow volumeDevices in ephemeral containers 2021-10-19 23:04:05 -04:00
Lee Verberne
d874cf8ffd List disallowed ephemeral container fields 
Listing these explicitly makes it easier to determine whether a new
Container field has been evaluated for use with ephemeral containers.
This does not change the behavior of ephemeral containers.
 2021-10-19 23:03:57 -04:00
Lee Verberne
f81c48cd0a Disallow subpath for ephemeral container mounts 2021-10-19 23:01:15 -04:00
Lee Verberne
764859081a Validate ephemeralContainerStatuses during update 2021-10-19 23:00:51 -04:00
Patrick Ohly
a40d2eb18c storage validation: accept generic ephemeral volumes as volume device 
Raw block devices are possible with generic ephemeral volumes, so rejecting a
pod with that combination is wrong.
 2021-10-19 13:30:32 +02:00
Lee Verberne
4451138bfa Validate PodSpec in EphemeralContainersUpdate 
Previously this only validated the ephemeral containers, but it's safer
to validate the entire PodSpec in case other parts of validation add
logic that checks ephemeral containers.
 2021-09-27 22:58:08 +02:00
Khaled Henidak (Kal)
a53e2eaeab
move IPv6DualStack feature to stable. (#104691) 
* kube-proxy

* endpoints controller

* app: kube-controller-manager

* app: cloud-controller-manager

* kubelet

* app: api-server

* node utils + registry/strategy

* api: validation (comment removal)

* api:pod strategy (util pkg)

* api: docs

* core: integration testing

* kubeadm: change feature gate to GA

* service registry and rest stack

* move feature to GA

* generated
 2021-09-24 16:30:22 -07:00
Tim Hockin
650f8cfd35 Svc REST: Validate input before IP allocation 
This commit started as removing FIXME comments, but in doing so I
realized that the IP allocation process was using unvalidated user
input.  Before de-layering, validation was called twice - once before
init and once after, which the init code depended on.

Fortunately (or not?) we had duplicative checks that caught errors but
with less friendly messages.

This commit calls validation before initializing the rest of the
IP-related fields.

This also re-organizes that code a bit, cleans up error messages and
comments, and adds a test SPECIFICALLY for the errors in those cases.
 2021-09-11 11:30:01 -07:00
Tim Hockin
8bcba526b6 Svc REST: Better errors on stack-downgrades 
Converting dual-stack to single-stack needs good errors.
 2021-09-11 11:30:01 -07:00
Tim Hockin
f4521aa75a Fix validation on ETP: "" is not valid 
This was causing tests to pass which ought not be passing.  This is not
an API change because we default the value of it when needed.  So we
would never see this in the wild, but it makes the tests sloppy.
 2021-09-11 11:30:01 -07:00
Tim Hockin
ccf3376570 Svc REST: De-layer Update 
This is the last layered method.  All allocator logic is moved to the
beginUpdate() path.  Removing the now-useless layer will happen in a
subsequent commit.
 2021-09-11 11:30:00 -07:00
Tim Hockin
14d0571a5f Svc REST: Don't call validation directly 
The validation is called soon after anyway.
 2021-09-11 10:49:13 -07:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Kubernetes Prow Robot
e375563732
Merge pull request #103245 from wzshiming/fix/prober-termination 
Add validation for Prober TerminationGracePeriodSeconds
 2021-07-13 09:30:30 -07:00
Kubernetes Prow Robot
e799d7b191
Merge pull request #99023 from verb/1.21-securitycontext 
Allow setting securityContext in ephemeral containers
 2021-07-09 20:50:46 -07:00
Kubernetes Prow Robot
36a7426aa5
Merge pull request #99144 from bart0sh/PR0094-promote-HugePageStorageMediumSize-to-GA 
promote huge page storage medium size to GA
 2021-07-07 18:09:05 -07:00
Shiming Zhang
e378600c90 Add validation for Prober TerminationGracePeriodSeconds 2021-07-07 10:51:30 +08:00
Ben Swartzlander
00dba76918 Add DataSourceRef field to PVC spec 
Modify the behavior of the AnyVolumeDataSource alpha feature gate to enable
a new field, DataSourceRef, rather than modifying the behavior of the
existing DataSource field. This allows addition Volume Populators in a way
that doesn't risk breaking backwards compatibility, although it will
result in eventually deprecating the DataSource field.
 2021-07-06 21:17:41 -04:00
Chris Henzie
7491d01651 Validate use of the ReadWriteOncePod access mode 
This will only work if the "ReadWriteOncePod" feature gate is enabled.
Additionally, this access mode will only work when used by itself. This
is because when ReadWriteOncePod is used on a PV or PVC, it renders all
other access modes useless since it is most restrictive.
 2021-06-28 21:25:37 -07:00
Chris Henzie
dba8ee229e Add validation options for PersistentVolumeClaims 
These options provide an extensible way of configuring how PVCs are
validated
 2021-06-28 21:24:55 -07:00
Chris Henzie
9ba0eed7c5 Add validation options for PersistentVolumes 
These options provide an extensible way of configuring how PVs are
validated
 2021-06-28 21:24:55 -07:00
Shiming Zhang
40593fa4d3 spec.terminationGracePeriodSeconds allow it to be set to 1s if it was previously negative 2021-06-28 11:49:39 +08:00
Lee Verberne
70765fa24d Allow securityContext in EphemeralContainers 2021-06-25 18:47:22 +02:00
Andrew Sy Kim
4d38d21880 apis: remove Service topologyKeys 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-06-03 22:17:45 -04:00
Kubernetes Prow Robot
e8760b95bb
Merge pull request #102336 from SataQiu/remove-podpreset 
cleanup PodPreset testdata
 2021-05-27 11:36:23 -07:00
Gunju Kim
6317ce63c6 Add feature gate ExpandedDNSConfig 
ExpandedDNSConfig allows kubernetes to have expanded DNS(Domain Name
System) configuration
 2021-05-27 07:10:13 +09:00
SataQiu
9cfbf06225 cleanup PodPreset testdata 2021-05-26 19:57:29 +08:00
marosset
93da0fd45d API support for Windows host process containers 
Co-authored-by: James Sturtevant <jstur@microsoft.com>
 2021-05-19 16:24:13 -07:00
Ed Bartosh
c12aa0f6b7 promote HugePageStorageMediumSize to GA 2021-05-10 15:57:55 +03:00
JaredTan95
b6fbe5e622 remove old ip checks 
Signed-off-by: JaredTan95 <jian.tan@daocloud.io>
 2021-05-04 08:57:29 +08:00
Kubernetes Prow Robot
889f1c3951
Merge pull request #101084 from robscott/endpointslice-ip-validation 
Updating EndpointSlice validation to match Endpoints validation
 2021-04-16 17:10:21 -07:00
Kubernetes Prow Robot
df9ad4d7d2
Merge pull request #96094 from Hellcatlk/m 
Some comments' typos
 2021-04-16 11:54:22 -07:00
Rob Scott
764b501ac4
Updating EndpointSlice validation to match Endpoints validation 2021-04-13 15:26:19 -07:00
Kubernetes Prow Robot
3723713c55
Merge pull request #100922 from lojies/cleanupvalidation 
code cleanup for validation.go
 2021-04-10 19:05:10 -07:00
卢振兴10069964
9e96fe77e8 code cleanup for validation.go 2021-04-08 20:14:33 +08:00
Bowei Du
89ebf47640 Update IP address validation message to include IPv6 
Adds unit test

Change-Id: I08c46f68b164e1ea82bf40f8a1316dfc1e95a6fb
 2021-04-07 08:45:29 -07:00
Elana Hashman
81cfbccea4
Validate that readiness probes can't set terminationGracePeriodSeconds 2021-03-11 14:37:57 -08:00
Kubernetes Prow Robot
00e81db174
Merge pull request #99946 from deads2k/tidy-node-validation-master 
refine validation
 2021-03-09 16:08:32 -08:00
David Eads
eb264c05c5 full deepcopy on munged pod spec 2021-03-08 10:02:56 -05:00
David Eads
5130ea0da3 remove pod toleration toleration seconds mutation 2021-03-08 10:02:51 -05:00
David Eads
5570a81040 add markers for inspected validation mutation hits 2021-03-08 10:02:46 -05:00
David Eads
bd5b1e2d05 move secret mutation from validation to prepareforupdate 2021-03-08 10:02:41 -05:00
David Eads
555eba5651 remove unnecessary mutations in validation 
These mutations are already done in the strategy
 2021-03-08 10:02:29 -05:00
David Eads
d000f2c8c5 tweak validation to avoid mutation 2021-03-08 09:58:34 -05:00
Fangyuan Li
7ed2f1d94d Implements Service Internal Traffic Policy 
1. Add API definitions;
2. Add feature gate and drops the field when feature gate is not on;
3. Set default values for the field;
4. Add API Validation
5. add kube-proxy iptables and ipvs implementations
6. add tests
 2021-03-07 16:52:59 -08:00
Kubernetes Prow Robot
4e95e1df04
Merge pull request #98515 from lala123912/huge_page 
Add request value verification for hugepage
 2021-03-05 22:11:43 -08:00
lala123912
e162fcc1bf Add request value verification for hugepage 2021-03-05 17:36:22 +08:00