github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,748 Commits 1 Branch 31 Tags 1,019 MiB
48daa91857
Commit Graph

24877 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
c726b2b3a3
Merge pull request #123431 from aramase/aramase/f/kep_3331_multiple_jwt_authenticator 
Support multiple JWT authenticators with structured authn config
 2024-03-06 17:37:29 -08:00
Kubernetes Prow Robot
05cb0a55c8
Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api 
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
 2024-03-06 15:35:28 -08:00
Kubernetes Prow Robot
bd25605619
Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API
 2024-03-06 15:35:14 -08:00
Anish Ramasekar
39e1c9108c
Support multiple JWT authenticators with structured authn config 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-06 14:42:32 -08:00
Tim Allclair
0eb5f52d06 Rename AppArmor annotation constants with Deprecated 2024-03-06 10:46:31 -08:00
cpanato
70221e8405
[go] Bump images, dependencies and versions to go 1.22.1 and distroless iptables 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2024-03-06 13:09:17 -05:00
Kubernetes Prow Robot
2b521e5f8e
Merge pull request #123405 from cici37/vapGA 
[KEP-3488]Promote ValidatingAdmissionPolicy to GA
 2024-03-05 18:29:53 -08:00
Kubernetes Prow Robot
39b085d936
Merge pull request #121725 from cubxxw/patch-1 
fix: code style untidy  and update version.sh
 2024-03-05 18:29:44 -08:00
Kubernetes Prow Robot
87f9b3891e
Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
Kubernetes Prow Robot
5b4d97dc5a
Merge pull request #122541 from aojea/headless_selector 
Implement a field selector for ClusterIP on Services
 2024-03-05 17:30:57 -08:00
Kubernetes Prow Robot
3686ceb5b8
Merge pull request #122745 from kannon92/swap-no-swap-default 
[KEP-2400] add no swap as the default option for swap
 2024-03-05 16:32:40 -08:00
cici37
de506ce7ac Promote ValidatingAdmissionPolicy to GA. 2024-03-05 16:00:21 -08:00
Kubernetes Prow Robot
5fd38a8c78
Merge pull request #122907 from sohankunkerkar/prepare-kep-3983-for-beta 
[KEP-4419]: promote KubeletConfigDropInDir feature to beta
 2024-03-05 14:45:39 -08:00
Kubernetes Prow Robot
1e4124b081
Merge pull request #123726 from haircommander/kubelet_t 
e2e_node: use kubelet_exec_t instead of bin_t for kubelet
 2024-03-05 13:45:14 -08:00
Kubernetes Prow Robot
2bed0087c3
Merge pull request #123722 from atiratree/e2e-kubectl-delete-fix 
fix e2e test for kubectl interactive delete
 2024-03-05 13:45:07 -08:00
Kubernetes Prow Robot
df1eccae38
Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources 
ValidatingAdmissionPolicy: exclude brink-able resources.
 2024-03-05 13:45:01 -08:00
Kubernetes Prow Robot
5f4a20e65d
Merge pull request #120718 from gjkim42/add-restartable-init-containers-to-pod-resources-api 
Make PodResources API include restartable init containers
 2024-03-05 13:44:54 -08:00
Kevin Hannon
6a4e19a4ec add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
Tim Allclair
207a965b3f Update AppArmor e2e tests 2024-03-05 12:22:50 -08:00
Filip Křepinský
7a57bcea6c fix e2e test for kubectl interactive delete 2024-03-05 19:57:28 +01:00
Peter Hunt
646d464203 e2e_node: use kubelet_exec_t instead of bin_t for kubelet 
as bin_t isn't powerful enough, and we run into a wack-a-mole situation making bin_t powerful
enough for the tests

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-03-05 13:39:52 -05:00
Michał Woźniak
e568a77a93
Support for the Job managedBy field (alpha) (#123273) 
* support for the managed-by label in Job

* Use managedBy field instead of managed-by label

* Additional review remarks

* Review remarks 2

* review remarks 3

* Skip cleanup of finalizers for job with custom managedBy

* Drop the performance optimization

* imrpove logs
 2024-03-05 09:25:15 -08:00
Antonio Ojea
0595ec7942 implement field selector for clusterIP on services 
This will allow components that don't need to watch headless services
(heavily used on ai/ml workloads) to filter them server side.

Specially useful for kubelet and kube-proxy

Co-authored-by: Jianbo Ma <sakuranlbj@gmail.com>

Change-Id: I6434d2c8c77aaf725ec5c07acbcda14311f24bfa

Change-Id: Iba9e25afb90712facfb3dee25c500bbe08ef38fc
 2024-03-05 17:16:42 +00:00
Anish Ramasekar
b502aa6f31
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-05 09:10:34 -08:00
Kubernetes Prow Robot
74adc0b3f7
Merge pull request #122489 from carlory/fix-120080 
storage e2e: update hostpath and mock images
 2024-03-05 07:11:36 -08:00
Kubernetes Prow Robot
791fd50eeb
Merge pull request #123114 from bzsuni/cleanup/npd/v0.8.15 
Bump npd from v0.8.13 to v0.8.16
 2024-03-05 05:46:42 -08:00
Kubernetes Prow Robot
a33f8b8211
Merge pull request #122259 from pacoxu/enlarge-pod-delete-timeout 
use e2e f.Timeouts.PodDelete instead of 1 minute
 2024-03-05 05:46:29 -08:00
Kubernetes Prow Robot
d826407152
Merge pull request #122653 from ardaguclu/interactive-delete-e2e-test 
Add e2e test for kubectl interactive delete
 2024-03-05 03:08:59 -08:00
HirazawaUi
01689d0906 add e2e tests for relaxed validation 2024-03-05 17:09:15 +08:00
Kubernetes Prow Robot
50f4b1ea47
Merge pull request #123568 from enj/enj/i/jwt_username_required 
jwt: fail on empty username via CEL expression
 2024-03-04 20:07:33 -08:00
Kubernetes Prow Robot
439f7df65b
Merge pull request #122320 from armstrongli/master 
allow service NodePort to be updated to 0 in case AllocateLoadBalance…
 2024-03-04 18:38:05 -08:00
carlory
2bd7f4f8e0 storage e2e: update hostpath and mock images 2024-03-05 10:18:54 +08:00
bzsuni
9ac9fdac8f Bump npd from v0.8.13 to v0.8.16 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-03-05 09:30:28 +08:00
Kubernetes Prow Robot
6929a11f69
Merge pull request #123481 from sanposhiho/mindomain-stable 
graduate MinDomainsInPodTopologySpread to stable
 2024-03-04 17:18:53 -08:00
Kubernetes Prow Robot
f745503112
Merge pull request #123413 from seans3/tunneling-spdy-websockets 
PortForward: Tunnel SPDY through WebSockets
 2024-03-04 17:18:44 -08:00
Kubernetes Prow Robot
46a2137c1b
Merge pull request #123639 from liggitt/authz-metrics 
Add authorization webhook duration/count/failopen metrics
 2024-03-04 14:09:30 -08:00
Kubernetes Prow Robot
320e288b5e
Merge pull request #123628 from Jefftree/agg-conformance 
promote aggregated discovery conformance tests
 2024-03-04 11:23:59 -08:00
Sean Sullivan
8b447d8c97 portforward: tunnel spdy through websockets 2024-03-04 11:10:30 -08:00
Jordan Liggitt
79b344d85e
Add authorization webhook duration/count/failopen metrics 2024-03-04 14:01:15 -05:00
Monis Khan
8345ad0bac
jwt: fail on empty username via CEL expression 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-04 12:51:19 -05:00
Kubernetes Prow Robot
9043ce05c1
Merge pull request #123667 from jsafrane/selinux-metrics-access-mode 
Add label with access mode to SELinux metrics
 2024-03-04 08:25:39 -08:00
Jan Safranek
57d1b68dc2 Remove deprecated sets.String 2024-03-04 14:33:04 +01:00
Kubernetes Prow Robot
55d1518126
Merge pull request #123588 from pohly/scheduler-perf-any-cleanup 
scheduler_perf: automatically delete created objects
 2024-03-04 04:49:12 -08:00
Jan Safranek
c4163a9cb8 Add label with access mode to SELinux metrics 
In the KEP 1710 we promised to have all SELinux metrics with access mode
label, so cluster admin is able to distinguish when RWOP volumes are
failing to mount (-> SELinuxMountReadWriteOncePod feature gate must be
disabled) or volumes with any other access modes are failing (->
SELinuxMount feature gate must be disabled).

Adding the label to kubelet is quite straightforward, there were some
changes needed in the e2e test. Now grabMetrics() collects values of all
SELinux related metrics with all labels. It only skips unrelated volume
plugins. And waitForMetricIncrease gets metric with all labels on input, so
it can check that say RWOP metric increased and RWX one did not.
 2024-03-04 13:16:56 +01:00
Patrick Ohly
eb6abf0462 scheduler_perf: automatically delete created objects 
This is not relevant for namespaced objects, but matters for the cluster-scoped
ResourceClass during unit testing. This works right now because there is only
one such unit test, but will fail when adding a second one.

Instead of passing a boolean flag down into all functions where it might be
needed, it's now a context value.
 2024-03-04 09:54:38 +01:00
Kubernetes Prow Robot
d440ab18ce
Merge pull request #123656 from huww98/e2e-pod-fail-fast 
e2e pod: fail fast on failed pod
 2024-03-04 00:00:14 -08:00
Kubernetes Prow Robot
8c80c07e85
Merge pull request #123655 from huww98/mt-n 
agnhost/mounttest: add new line to output
 2024-03-03 22:29:44 -08:00
Kubernetes Prow Robot
e4a14fe0f5
Merge pull request #123575 from Huang-Wei/pod-scheduling-readiness-stable 
Graduate PodSchedulingReadiness to stable
 2024-03-03 22:29:38 -08:00
Kubernetes Prow Robot
d756b0a1c0
Merge pull request #123659 from dims/check-length-of-instance-name-before-truncating 
Check length of instance name before truncating
 2024-03-03 20:41:11 -08:00
Anish Ramasekar
78fb0bae22
wire up discovery url in authenticator 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-03 17:34:51 -08:00