github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93,054 Commits 1 Branch 31 Tags
479249b3a3ca0a118568ea0b87717c7b0d32d33f
Commit Graph

347 Commits

Author SHA1 Message Date
WanLinghao
244b244f9d Migrate the controller to use TokenRequest and rotate token periodically 2019-03-25 14:54:22 +08:00
Tim Allclair
0604256d6c Update tests for RuntimeClass beta 2019-03-08 13:21:52 -08:00
David Zhu
41b3579345 Address review comments 2019-03-07 17:17:09 -08:00
David Zhu
7d2f4e97b8 Add ADC Fallback if Node doesn't have driver installed 2019-03-07 14:47:38 -08:00
Kubernetes Prow Robot
6c31101257 Merge pull request #74283 from xing-yang/csi_crd_controller 
CSINodeInfo and CSIDriver Controller Changes
 2019-03-05 04:44:42 -08:00
Kubernetes Prow Robot
02bd34e7b0 Merge pull request #74531 from liggitt/ingress-rbac 
Update RBAC roles for networking.k8s.io ingresses
 2019-03-05 00:48:01 -08:00
Xing Yang
85867e5625 Modify node admission and node authorizer 2019-03-04 16:42:12 -08:00
Kubernetes Prow Robot
f16035600a Merge pull request #73807 from dekkagaijin/discovery-hardening 
harden the default RBAC discovery clusterrolebindings
 2019-03-01 21:49:30 -08:00
Jake Sanders
9c7d31928d harden the default RBAC discovery clusterrolebindings 2019-03-01 18:45:05 -08:00
Jordan Liggitt
85165b40fa Update RBAC roles for networking.k8s.io ingresses 2019-02-25 11:40:44 -05:00
Kubernetes Prow Robot
834c9a5e3d Merge pull request #72491 from liggitt/delegated-auth-permissions 
Ensure controller manager and scheduler can perform delegated auth checks
 2019-02-08 11:53:52 -08:00
Jordan Liggitt
4212a9a05a Ensure controller manager and scheduler can perform delegated auth checks 2019-02-08 11:15:52 -05:00
Jordan Liggitt
52519ecb1c remove deprecated openapi paths in favor of /openapi/v2 2019-01-21 16:33:41 -05:00
Jordan Liggitt
9229399bd6 Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config 2019-01-15 13:33:06 -05:00
Jordan Liggitt
73dcfe12da Stop checking VolumeScheduling feature gate 2018-12-27 17:45:45 -05:00
wojtekt
546ece7b2c Promote NodeLease to Beta and enable by default 2018-12-17 10:19:22 +01:00
WanLinghao
0bab5ee5ad Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate. 
But its corresponding bootstrap RBAC policy was shadowed by TokenRequest feature gate.
This patch fix it.
 2018-11-27 11:44:35 +08:00
Jordan Liggitt
8d7cc39031 Remove self-deletion permissions from kubelets 2018-11-14 00:42:06 -05:00
k8s-ci-robot
94c5953904 Merge pull request #70699 from liggitt/controllerrevisions 
Include read access to controllerrevisions for admin/edit/view roles
 2018-11-11 21:17:39 -08:00
Davanum Srinivas
954996e231 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
k8s-ci-robot
f212b9db23 Merge pull request #70598 from dims/switch-from-sigs.k8s.io/yaml-to-ghodss/yaml 
Switch to sigs.k8s.io/yaml from ghodss/yaml
 2018-11-08 10:57:36 -08:00
k8s-ci-robot
3f5db92840 Merge pull request #68812 from WanLinghao/token_projection_ca_secret_create 
Create Ca-certificate configmap  used by token projected volume
 2018-11-08 10:57:25 -08:00
WanLinghao
efac533f92 To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace. 
This patch add a controller called "root-ca-cert-publisher" to complete above job as well as some bootstrap rbac policies.
 2018-11-08 11:33:47 +08:00
Davanum Srinivas
43f523d405 Switch to sigs.k8s.io/yaml from ghodss/yaml 
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31
 2018-11-07 13:17:32 -05:00
Jordan Liggitt
001627000f Include read access to controllerrevisions for admin/edit/view roles 2018-11-06 10:23:39 -05:00
Samuel Davidson
3558f83957 Revert "Improve multi-authorizer errors" 
This reverts commit 1c012f1c49.
 2018-10-29 11:05:45 -07:00
Dalton Hubble
dfc3c83e64 Add configmap get to system:kube-controller-manager 
* v1.12.x kube-controller-manager tries to get the
extension-apiserver-authentication ConfigMap by default
 2018-09-26 22:03:27 +02:00
Cheng Xing
4ca39ef0ed Consolidated CSIDriver logic under CSIDriverRegistry flag 2018-09-10 13:34:40 -07:00
Cheng Xing
94d649b590 Rearranged feature flags 2018-09-07 17:45:27 -07:00
Cheng Xing
becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00
Jan Safranek
dc6be0cbf1 Add new RBAC rules for CSIDriver 
Nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
 2018-09-05 21:01:32 -04:00
Jan Safranek
4e7eca7b31 Add new RBAC rules for CSIDriver 
A/D controller and nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
 2018-09-05 10:15:43 -04:00
Janet Kuo
5186807587 Add TTL GC controller 2018-09-04 13:11:18 -07:00
Tim Allclair
0c59d4db32 Add RuntimeClass read permission for nodes 2018-08-31 18:22:13 -07:00
Kubernetes Submit Queue
c081c024c7 Merge pull request #67349 from mikedanese/trbeta 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.

promote TokenRequest and projection to beta in 1.12

```release-note
TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the following flags:
* --service-account-issuer
* --service-account-signing-key-file
* --service-account-api-audiences
```
 2018-08-30 20:09:42 -07:00
lichuqiang
4c43d626f2 related test update 2018-08-29 10:30:16 +08:00
lichuqiang
b4a57f6855 combine feature gate VolumeScheduling and DynamicProvisioningScheduling into one 2018-08-29 10:30:08 +08:00
Michael Taufen
1b7d06e025 Kubelet creates and manages node leases 
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.

- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
 2018-08-26 16:03:36 -07:00
Mike Danese
92b4e3ca60 promote TokenRequest and projection to beta in 1.12 2018-08-13 13:01:43 -07:00
David Eads
3c1495d0a4 aggregate admin from edit and view to ensure coverage 2018-07-26 15:14:34 -04:00
Jordan Liggitt
1c012f1c49 Improve multi-authorizer errors 2018-07-06 10:55:17 -04:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Jeff Grafton
a725660640 Update to gazelle 0.12.0 and run hack/update-bazel.sh 2018-06-22 16:22:18 -07:00
David Zhu
86e152dc3f Added PV GET api rule to external-provisioner 2018-06-13 14:49:58 -07:00
Minhan Xia
9fe2c53624 include patch permission for kubelets 2018-05-30 11:15:47 -07:00
Kubernetes Submit Queue
9872a0502b Merge pull request #64288 from gnufied/take-volume-resize-beta 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Move volume resize feature to beta

Move volume resizing feature to beta. 

xref https://github.com/kubernetes/features/issues/284

```release-note
Move Volume expansion to Beta
```
 2018-05-26 01:34:17 -07:00
Hemant Kumar
0dd6e75567 Move volume resizing to beta 
Update bootstrap policies
 2018-05-25 15:32:38 -04:00
lichuqiang
95b530366a Add dynamic provisioning process 2018-05-24 17:12:38 +08:00
David Eads
092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
wojtekt
b2500d41e9 Fix bootstrap roles to allow list/watch secrets/configmaps from nodes 2018-05-15 14:19:21 +02:00