github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
103,827 Commits 1 Branch 31 Tags
2a4701c2ca68ddeebd307bb6eed2320186059a39
Commit Graph

14230 Commits

Author SHA1 Message Date
Samuel Roth
2a4701c2ca PodSecurity webhook image 2021-10-27 13:54:19 -04:00
Kubernetes Prow Robot
d551560a78 Merge pull request #105330 from liggitt/importboss-doc 
Make package paths referenced by import boss valid
 2021-09-29 15:34:56 -07:00
Kubernetes Prow Robot
995a1c5abf Merge pull request #105117 from cmssczy/fix_useless_error_handling 
handle error when parse Quantity
 2021-09-29 15:34:44 -07:00
Kubernetes Prow Robot
bac45abf77 Merge pull request #105327 from julianvmodesto/kubectl-dry-run-flag-removals 
Remove deprecated kubectl --dry-run values.
 2021-09-29 13:31:21 -07:00
Kubernetes Prow Robot
1ad3e14f1f Merge pull request #105188 from nilo19/bug/cherry-pick-794 
fix: consolidate logs for instance not found error
 2021-09-29 11:23:21 -07:00
Kubernetes Prow Robot
6f47878926 Merge pull request #105107 from cici37/addFG 
Add feature gate CustomResourceValidationExpressions
 2021-09-29 08:08:48 -07:00
Kubernetes Prow Robot
49f9e227e9 Merge pull request #105247 from Jille/patch-1 
Fix double formatting on error message
 2021-09-29 04:14:48 -07:00
Kubernetes Prow Robot
fafbe3aa51 Merge pull request #103900 from ash2k/ash2k/cache-mapper-and-client 
Cache rest mapper and discovery client
 2021-09-29 02:10:49 -07:00
Kubernetes Prow Robot
c9b9c40109 Merge pull request #105315 from wzshiming/test/events-expansion 
Add unit test coverage for events expansion
 2021-09-29 01:00:48 -07:00
Shiming Zhang
13fe94f136 Add unit test coverage for events expansion 2021-09-29 10:11:27 +08:00
Kubernetes Prow Robot
198c9c70f1 Merge pull request #104925 from prameshj/ilbracefix 
Process GCE ILB services with the v1 annotation in the service controller
 2021-09-28 18:06:48 -07:00
Qi Ni
0406ba32ea fix: skip not found nodes when reconciling LB backend address pools 2021-09-29 08:00:28 +08:00
Jordan Liggitt
f6b831aeac Make package paths referenced by import boss valid 2021-09-28 18:05:58 -04:00
Kubernetes Prow Robot
66e1d27a59 Merge pull request #104300 from wojtek-t/converting_informer 
Create TransformingInformer
 2021-09-28 14:02:34 -07:00
Kubernetes Prow Robot
3b2b23cee7 Merge pull request #105234 from wojtek-t/optimize_indexer 
Optimize indexer
 2021-09-28 12:50:34 -07:00
Julian V. Modesto
e0b7a85ee5 Remove deprecated kubectl --dry-run values. 
The boolean values for --dry-run have been deprecated for removal since
1.18, more than 2 releases.

The default value for --dry-run with the flag set and unspecified has
been deprecated for removal since 1.18, more than 2 releases.

Both values are now removed in this change. Any kubectl --dry-run
usage no longer accepts --dry-run=(true|false) boolean values and usage
now requires that a value of (client|server|none) is specified.
 2021-09-28 10:21:04 -04:00
Shiming Zhang
f63c135e1f Update comments 2021-09-28 18:07:50 +08:00
wojtekt
75273a0689 Optimize index updating 2021-09-28 08:40:09 +02:00
Kubernetes Prow Robot
e35dff68af Merge pull request #105232 from wojtek-t/optimize_watchcache 
Optimize watchcache by not starting a gorotuine for all Get/List requests setting RV=0
 2021-09-27 15:15:56 -07:00
Kubernetes Prow Robot
c647c5614b Merge pull request #104985 from caesarxuchao/aggregator-no-spdy 
Aggregator uses the regular transport when handling upgrade requests
 2021-09-27 15:15:44 -07:00
Kubernetes Prow Robot
597f197e61 Merge pull request #105275 from tkashem/apf-rename-seats 
apf: rename WorkEstimate.Seats to InitialSeats
 2021-09-27 12:49:57 -07:00
Kubernetes Prow Robot
04f3d19bea Merge pull request #104507 from wzshiming/fix/match 
Check namespaces match in UpdateWithEventNamespace
 2021-09-27 09:05:35 -07:00
Kubernetes Prow Robot
dc2fe6d56c Merge pull request #105078 from aramase/fix-typo-kms-config 
fix typo in kms encryption config logs
 2021-09-27 07:33:49 -07:00
Kubernetes Prow Robot
48d844ec64 Merge pull request #104483 from margocrawf/master 
Add UID to client-go impersonation config
 2021-09-27 07:33:36 -07:00
Kubernetes Prow Robot
486ca678a0 Merge pull request #104923 from davidkarlsen/xfsFormatIssue 
mount-utils: force-format xfs-filesystems too
 2021-09-27 02:29:36 -07:00
Jille Timmermans
4c038d387c Fix double formatting on error message 
fmt.Errorf() was called with a message rather than a format string
 2021-09-25 09:51:48 +02:00
Abu Kashem
5d67896ade apf: rename WorkEstimate.Seats to InitialSeats 2021-09-24 19:49:25 -04:00
Khaled Henidak (Kal)
a53e2eaeab move IPv6DualStack feature to stable. (#104691) 
* kube-proxy

* endpoints controller

* app: kube-controller-manager

* app: cloud-controller-manager

* kubelet

* app: api-server

* node utils + registry/strategy

* api: validation (comment removal)

* api:pod strategy (util pkg)

* api: docs

* core: integration testing

* kubeadm: change feature gate to GA

* service registry and rest stack

* move feature to GA

* generated
 2021-09-24 16:30:22 -07:00
Margo Crawford
d9ddfb26e1 Introduces Impersonate-Uid to client-go. 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-09-24 14:06:30 -07:00
wojtekt
27c94a49c8 Optimize indexer 2021-09-24 14:46:56 +02:00
wojtekt
37f93fc63d Optimize watchcache by not starting a gorotuine for all Get/List requests setting RV=0 2021-09-24 14:14:19 +02:00
wojtekt
56ffb4e2b0 Create TransformingIndexerInformer 2021-09-23 09:10:08 +02:00
wojtekt
efd3490076 Create TransformingInformer 
TransformingInfomer is like a regular Informer, but allows for applying
custom transform functions on the objects received via list/watch API calls.
 2021-09-23 08:19:05 +02:00
Kubernetes Prow Robot
dce069ce22 Merge pull request #104588 from liggitt/podsecurity-benchmark 
PodSecurity: benchmark and optimize privileged namespace evaluations
 2021-09-22 16:17:10 -07:00
Kubernetes Prow Robot
752c4b7f0b Merge pull request #105160 from MikeSpreitzer/improve-sharding-and-dispatch 
Improve sharding and dispatch
 2021-09-22 12:58:32 -07:00
Jordan Liggitt
32a5f41ec4 PodSecurity: avoid double parsing policy from namespace labels 
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          224           225           +0.40%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   237           234           -1.31%
BenchmarkVerifyPod/enforce-privileged_pod-12                        259           245           -5.26%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 261           254           -2.72%
BenchmarkVerifyPod/enforce-baseline_pod-12                          2967          2850          -3.94%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   252           255           +0.87%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3244          3125          -3.67%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 258           261           +0.97%
BenchmarkVerifyPod/warn-baseline_pod-12                             2956          2841          -3.89%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3034          2913          -3.99%
BenchmarkVerifyPod/warn-restricted_pod-12                           3276          3176          -3.05%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3302          3157          -4.39%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5159          5132          -0.52%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4208          4069          -3.30%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4336          4252          -1.94%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4436          4316          -2.71%
 2021-09-22 10:26:34 -04:00
Kubernetes Prow Robot
5b489e2846 Merge pull request #104983 from MikeSpreitzer/list-metrics-take3 
Try yet again to add metrics about LIST handling
 2021-09-22 07:16:02 -07:00
Qi Ni
1e21fe694e fix: consolidate logs for instance not found error 2021-09-22 14:32:01 +08:00
Kubernetes Prow Robot
950e978ff1 Merge pull request #105180 from tallclair/forbidden 
Fix PodSecurity forbidden response reason
 2021-09-21 21:08:00 -07:00
caozhiyuan
b9d7584c3a handle error when parse Quantity 2021-09-22 10:18:21 +08:00
Kubernetes Prow Robot
7432904c53 Merge pull request #105169 from liggitt/gomodule-codegenerator 
Smoke test code-generator using full packages
 2021-09-21 14:08:41 -07:00
Jordan Liggitt
636c769fb8 PodSecurity: preconstruct reused values 
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          370           228           -38.49%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   408           241           -40.86%
BenchmarkVerifyPod/enforce-privileged_pod-12                        420           242           -42.27%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 426           256           -39.84%
BenchmarkVerifyPod/enforce-baseline_pod-12                          4259          3006          -29.42%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   341           266           -22.12%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3322          3282          -1.20%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 327           260           -20.59%
BenchmarkVerifyPod/warn-baseline_pod-12                             2964          3020          +1.89%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3069          3127          +1.89%
BenchmarkVerifyPod/warn-restricted_pod-12                           3223          3330          +3.32%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3443          3533          +2.61%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5193          5405          +4.08%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4295          4358          +1.47%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4363          4513          +3.44%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4482          4588          +2.37%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2              1              -50.00%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          208           112           -46.15%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_pod-12                        208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
 2021-09-21 16:20:11 -04:00
Jordan Liggitt
d5589ba65f PodSecurity: optimize evaluation of fully-privileged namespaces 
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2658          370           -86.07%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2462          408           -83.42%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2346          420           -82.11%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2318          426           -81.64%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3606          4259          +18.11%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2032          341           -83.22%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3522          3322          -5.68%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 1893          327           -82.70%
BenchmarkVerifyPod/warn-baseline_pod-12                             3076          2964          -3.64%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3111          3069          -1.35%
BenchmarkVerifyPod/warn-restricted_pod-12                           3155          3223          +2.16%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3235          3443          +6.43%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5148          5193          +0.87%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4147          4295          +3.57%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4286          4363          +1.80%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4447          4482          +0.79%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          12             2              -83.33%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-privileged_pod-12                        12             2              -83.33%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2120          208           -90.19%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2120          208           -90.19%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
 2021-09-21 16:20:11 -04:00
Kubernetes Prow Robot
d5f39ebe4d Merge pull request #105064 from knight42/refactor-switch-to-stdlib-cipher 
refactor: switch to tls cipher suite in stdlib
 2021-09-21 11:56:42 -07:00
Tim Allclair
4633670153 Fix PodSecurity forbidden response reason 2021-09-21 11:34:13 -07:00
Kubernetes Prow Robot
bf77f8ff43 Merge pull request #105162 from MadhavJivrajani/migrate-clock-pkg 
migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock
 2021-09-21 08:44:24 -07:00
Mike Spreitzer
4b9cba8587 Improve queueset sharding and dispatching 
New anti-windup technique: use the request arrival time as the floor
on the virtual dispatch time.  Prevent bound violations where they
might arise rather than fixing up just one queue at dispatch time,
so that the fixed up dispatch times figure into the dispatching choice.

Two tweaks to the shuffle sharding.  Take seats of executing requests
into account as well as seats of waiting requests.  Do not always
consider the generated hand in the same order.

Rename the queueset methods that do shuffle sharding and finding the
queue to dispatch from, because the old names were confusingly
similar.

Tighten up some request margins.

Name the test cases in TestNoRestraint and TestWindup.
 2021-09-21 11:20:02 -04:00
Jordan Liggitt
e63725425f Smoke test code-generator using full packages 2021-09-21 10:17:42 -04:00
Kubernetes Prow Robot
68d646a101 Merge pull request #105085 from MikeSpreitzer/fix-queueset-tests 
Update TestNoRestraint and TestWindup
 2021-09-21 03:48:23 -07:00
Madhav Jivrajani
fed2ec99c6 migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock 
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-09-21 15:54:44 +05:30