github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
87,996 Commits 1 Branch 31 Tags 1,019 MiB
4b29407945
Commit Graph

2949 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
1bb68a2cde
Merge pull request #87693 from liggitt/node-authz-index 
Fix node authorizer index recomputation
 2020-01-30 21:20:55 -08:00
Jordan Liggitt
d8c00b7f52 Fix node authorizer index recomputation 2020-01-30 13:29:57 -05:00
Mike Danese
968adfa993 cleanup req.Context() and ResponseWrapper 2020-01-29 08:50:45 -08:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
Kubernetes Prow Robot
9633dd63b2
Merge pull request #87239 from lemonli/cleanup/node-authorizer 
clean up node_authorizer code: verb judgement
 2020-01-24 19:21:15 -08:00
Rob Scott
469de65c25
Enabling EndpointSlice feature gate by default 
This enables the EndpointSlice controller by default, but does not make
kube-proxy a consumer of the EndpointSlice API.
 2020-01-17 16:19:29 -08:00
lemonli
2498dbf636 clean node_authorizer code: verb judgement 2020-01-15 18:08:09 +08:00
Jordan Liggitt
39e373fc45 Do not require token secrets when using bound service account tokens 2020-01-09 13:20:45 -05:00
wojtekt
1657ef25eb Extend authorization benchmark 2019-12-12 16:20:38 +01:00
Kubernetes Prow Robot
14fe931e9f
Merge pull request #85375 from liggitt/delegated-list-watch 
Add single-item list/watch to delegated authentication reader role
 2019-11-15 20:49:41 -08:00
Kubernetes Prow Robot
5848ee4945
Merge pull request #85365 from robscott/endpointslice-default-off 
Disabling EndpointSlice feature gate by default
 2019-11-15 17:57:50 -08:00
Jordan Liggitt
ba93157fd2 Add single-item list/watch to delegated authentication reader role 2019-11-15 20:37:43 -05:00
Rob Scott
37aa219fff
Disabling EndpointSlice feature gate by default 
Given the significance this change would have we've decided to hold off
on enabling this by default until we can have better test coverage and
more real world usage of the feature.
 2019-11-15 14:54:35 -08:00
David Zhu
e64a4bc631 Update attachdetach-controller role to include permissions to get, list, and watch csinodes for CSIMigration 2019-11-15 11:22:35 -08:00
Roc Chan
c9cf3f5b72 Service Topology implementation 
* Implement Service Topology for ipvs and iptables proxier
* Add test files
* API validation
 2019-11-15 13:36:43 +08:00
Tim Allclair (St. Clair)
581d3e26c9 Restrict mirror pod owner references (#84657) 
* Restrict mirror pod owners.

See http://git.k8s.io/enhancements/keps/sig-auth/20190916-noderestriction-pods.md

* Address feedback, refactor test

* Verify node owner UID
 2019-11-14 20:52:16 -08:00
Rob Scott
a7e589a8c6
Promoting EndpointSlices to beta 2019-11-13 14:20:19 -08:00
Kubernetes Prow Robot
195664db0e
Merge pull request #85099 from liggitt/quota-config-v1 
Promote apiserver.config.k8s.io/v1, kind=ResourceQuotaConfiguration
 2019-11-13 13:02:52 -08:00
draveness
5cb92260a6 feat: graduate ResourceQuotaScopeSelectors to GA 2019-11-13 14:07:22 +08:00
Kubernetes Prow Robot
bb55aa7c54
Merge pull request #76310 from ravisantoshgudimetla/fix-priority-quota 
Relax namespace restriction for critical pods
 2019-11-12 19:00:11 -08:00
ravisantoshgudimetla
f2cbbe228f BUILD files 2019-11-12 17:22:14 -05:00
ravisantoshgudimetla
fe4cac73c8 Relax namespace restriction for critical pods 2019-11-12 17:22:09 -05:00
Kubernetes Prow Robot
c580a12c8e
Merge pull request #83568 from bertinatto/volume_limits_ga 
Promote volume limits to GA
 2019-11-12 11:50:22 -08:00
Kubernetes Prow Robot
94efa988f4
Merge pull request #84813 from deads2k/admission-feature-gates 
remove global variable dependency from admission plugins
 2019-11-12 10:23:14 -08:00
David Eads
83f6f2717e remove global variable dep in admission 2019-11-12 10:55:14 -05:00
Jordan Liggitt
7d3012f297 Promote resource quota admission configuration to v1 2019-11-12 09:03:55 -05:00
Fabio Bertinatto
affcd0128b Promote volume limits to GA 2019-11-12 09:43:53 +01:00
Kubernetes Prow Robot
9cf309ed59
Merge pull request #82049 from andrewsykim/ga-node-instance-type-label 
Promote Node Instance Type Label to GA
 2019-11-08 13:47:58 -08:00
David Eads
675c2fb924 add featuregate inspection as admission plugin initializer 2019-11-08 13:07:40 -05:00
Kubernetes Prow Robot
ae15368355
Merge pull request #84351 from wojtek-t/promote_node_lease_to_GA 
Promote node lease to GA
 2019-11-08 09:00:15 -08:00
Andrew Sy Kim
560b8efb79 noderestriction: update node restriction unit tests to use stable instance-type label 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-11-08 11:17:58 -05:00
Andrew Sy Kim
349749644f test/e2e: check both beta and zone label for getting cluster zone 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-11-07 21:22:05 -05:00
Andrew Sy Kim
4c194d52da kubelet: set both deprecated Beta and GA labels for zone/region topology from the cloud provider 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-11-07 21:22:04 -05:00
Wei Huang
019d7497a5
bazel files 2019-11-05 20:57:21 -08:00
Wei Huang
dd74205bcf
Move out const strings in pkg/scheduler/api/well_known_labels.go 2019-11-05 20:56:21 -08:00
wojtekt
ffad401b4e Promote NodeLease feature to GA 2019-11-05 09:01:12 +01:00
Kubernetes Prow Robot
1d1385af91
Merge pull request #83474 from msau42/topology-ga 
CSI Topology ga
 2019-11-04 15:28:27 -08:00
Kubernetes Prow Robot
0c88c4893f
Merge pull request #84275 from liggitt/beta-gate-runtimeclass-informers 
Feature-gate RuntimeClass informer starts
 2019-10-28 17:48:42 -07:00
Michelle Au
603a2aa8a9 Add CSINode to storage/v1 2019-10-28 13:41:13 -07:00
wojtekt
fafbad45aa Update bootstrappolicy RBAC rules for migration to lease API 2019-10-28 09:09:03 +01:00
Kubernetes Prow Robot
a3560d3ad9
Merge pull request #84282 from yutedz/rm-csi-rbac-roles 
Remove deprecated CSI RBAC roles
 2019-10-24 22:56:14 -07:00
Kubernetes Prow Robot
06252a4630
Merge pull request #84260 from tallclair/status-restrict 
Forbid label updates by nodes through pod/status
 2019-10-24 16:56:43 -07:00
Ted Yu
13596e5249 Remove obsolete CSI RBAC roles 2019-10-24 05:33:02 -07:00
Kubernetes Prow Robot
2c4cba8aa0
Merge pull request #82365 from jkaniuk/pod-gc 
Pod GC controller - use node lister
 2019-10-24 03:13:06 -07:00
Jordan Liggitt
20b2439457 Feature-gate RuntimeClass informer starts 2019-10-24 01:18:07 -04:00
Tim Allclair
ac2b300ed9 Update bazel 2019-10-23 16:43:03 -07:00
Tim Allclair
fea3111554 Forbid label updates by nodes through pod/status 2019-10-23 15:54:40 -07:00
yue9944882
09cf42d67c switch system priority class to versioned (v1) api 
move all the helpers to scheduling v1 helpers

less explicit conversion
 2019-10-24 00:51:57 +08:00
Jacek Kaniuk
e6e026f1ad Allow pod-garbage-collector to get nodes 2019-10-23 16:54:38 +02:00
draveness
1163a1d51e feat: update taint nodes by condition to GA 2019-10-19 09:17:41 +08:00