github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
105,139 Commits 1 Branch 31 Tags
51b94de68f0889e4e9bd5bc7673041f1275ca175
Commit Graph

43518 Commits

Author SHA1 Message Date
Tim Hockin
2b84b49ea9 Service REST test: Remove pointless cleanup 2021-07-01 23:24:29 -07:00
Tim Hockin
ca708fa9ac Service REST test: Fix some names 2021-07-01 23:24:24 -07:00
Kubernetes Prow Robot
659c7e709f Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Tim Hockin
54b6a416fb Service REST test: better IP and port alloc checks 2021-07-01 23:01:36 -07:00
Monis Khan
29b3fa7826 Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00
Monis Khan
cd91e59f7c csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
Tim Hockin
43b13840db Service REST test: remove obscure const 2021-07-01 18:26:46 -07:00
Tim Hockin
44eb475b10 Service REST test: remove unused return value 2021-07-01 18:26:45 -07:00
Tim Hockin
d6208606f3 Service REST test: remove pointless scaffolding 2021-07-01 18:26:45 -07:00
Tim Hockin
48e591eba2 Service REST test: remove obsolete setup param 2021-07-01 18:26:45 -07:00
Tim Hockin
a3b05033f6 Move endpoints test-helper funcs to a package 2021-07-01 18:26:45 -07:00
Tim Hockin
012bfaf98d Service REST test: remove last use of "inner" 
This required making a more hi-fidelity fake.  That, in turn, required
fixing some tests which were just not correct.
 2021-07-01 18:26:45 -07:00
Tim Hockin
22ed090e73 Service REST test: mostly remove tests of "inner" 
This test was sometimes using the "inner" REST and sometimes using the
"outer" REST.  This commit changes all but one test to use the outer.
The remaining test needs rework.
 2021-07-01 18:26:45 -07:00
Tim Hockin
7e8882d189 Service REST test: Remove pointless scaffolding 
These fields don't add much value in actually proving it all works, and
they make the upcoming de-layering hard.
 2021-07-01 18:26:45 -07:00
Tim Hockin
175f4f3387 Move service test-helper funcs to a package 2021-07-01 18:26:45 -07:00
Tim Hockin
b1fcbab801 Service REST test: helper funcs for ports, too 2021-07-01 18:26:45 -07:00
Tim Hockin
5f65ba7d76 Service REST test: Use helper funcs to streamline 
This makes subsequent changes easier to see.
 2021-07-01 18:26:44 -07:00
Tim Hockin
d64bb1b29e Service REST test: always check errors 
This will be needed in upcoming changes.
 2021-07-01 18:26:44 -07:00
Tim Hockin
d3a0332b6c Service REST test: remove unused fields 
These fields are never set, so we can remove them with no change in
behavior.
 2021-07-01 18:26:44 -07:00
Tim Hockin
292b1444eb Remove bad test for AllocateLoadBalancerNodePorts 
If the gate is open, we should never find nil.
 2021-07-01 18:26:44 -07:00
Tim Hockin
0bb280044e Fix typo in IP allocator error 2021-07-01 18:26:44 -07:00
Tim Hockin
5970c4671c Add an IPFamily() method to ipallocator 2021-07-01 18:26:44 -07:00
Tim Hockin
89b633d353 Fix doc comment 2021-07-01 18:26:44 -07:00
Kubernetes Prow Robot
25bbe2ebc5 Merge pull request #99594 from cofyc/kep1845-api 
Prioritizing nodes based on volume capacity: API changes
 2021-07-01 15:35:51 -07:00
Kubernetes Prow Robot
43ebff8fa4 Merge pull request #103306 from swetharepakula/convert-proxy 
Kubeproxy uses V1 EndpointSlice
 2021-07-01 14:28:11 -07:00
Kubernetes Prow Robot
062bc359ca Merge pull request #102444 from sanwishe/resourceStartTime 
Expose container start time in kubelet /metrics/resource endpoint
 2021-07-01 14:27:51 -07:00
Kubernetes Prow Robot
b0af328e6e Merge pull request #103326 from pacoxu/safe-sysctls 
Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl
 2021-07-01 09:49:55 -07:00
pacoxu
2cab85a403 Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-07-01 10:31:21 +08:00
Yecheng Fu
b522e95aae Prioritizing nodes based on volume capacity: API changes 2021-07-01 10:00:59 +08:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kir Kolyshkin
ab5b77944e kubelet/cm: don't set Devices 
Since runc 1.0.0 it is now sufficient to have SkipDevices: true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2021-06-30 16:17:35 -07:00
Kubernetes Prow Robot
385402d506 Merge pull request #103082 from chrishenzie/read-write-once-pod-access-mode-scheduler 
Enforce ReadWriteOncePod during scheduling
 2021-06-30 16:11:36 -07:00
Kubernetes Prow Robot
98d20f552b Merge pull request #99378 from mattcary/api 
StatefulSet PersistentVolumeClaimDeletePolicy
 2021-06-30 11:49:03 -07:00
Chris Henzie
7ad44d04fc Enforce ReadWriteOncePod access mode during scheduling 
Check the PVC ref count on the node info cache to determine if a pod's
PVCs are in use. If they are and it is using ReadWriteOncePod, fail the
request.
 2021-06-30 10:40:14 -07:00
Dave Chen
1fa673c15c Extent the NodeResourcesBalancedAllocation plugin to cover more resources 
Signed-off-by: Dave Chen <dave.chen@arm.com>
 2021-06-30 11:15:12 +08:00
Shiming Zhang
212ce7c287 Shorten test time 2021-06-30 09:48:26 +08:00
Kubernetes Prow Robot
21f41b8e82 Merge pull request #101711 from hbagdi/ingressclass-namespaced-params-beta 
graduate IngressClassNamespacedParams to beta
 2021-06-29 17:07:03 -07:00
Kubernetes Prow Robot
e0f66be1aa Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score 
Add score func for NodeResourcesFit plugin
 2021-06-29 13:42:20 -07:00
Harry Bagdi
f0d917a3ca add fuzzer patch to fix tests 2021-06-29 12:59:59 -07:00
Elana Hashman
39f32d7286 Ensure MemorySwapConfig can't be set without feature flag 2021-06-29 12:08:25 -07:00
Elana Hashman
d4041cb80f Add generated files for swap API changes 2021-06-29 12:08:25 -07:00
Elana Hashman
d3fd1362ca Rename NoSwap to LimitedSwap as workloads may still swap 
Also made the options a kubelet type, address API review feedback
 2021-06-29 12:08:21 -07:00
Elana Hashman
0deef4610e Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled 2021-06-29 11:59:02 -07:00
Elana Hashman
7342acb0b8 Add validation for KubeletConfig MemorySwap 2021-06-29 11:59:01 -07:00
Elana Hashman
bda03b4818 API change: add MemorySwap to KubeletConfiguration 2021-06-29 11:58:59 -07:00
Elana Hashman
0dd4ce40ad Add NodeSwapEnabled feature flag 2021-06-29 11:57:34 -07:00
yuzhiquan
deb14b995a Add score plugin for NodeResourcesFit 2021-06-29 13:16:55 -04:00
Chris Henzie
ebc3fdb293 Store PVC reference counts in NodeInfo cache 
This map will be queried as part of enforcement of the ReadWriteOncePod
access mode for PVCs
 2021-06-29 10:07:32 -07:00
Kubernetes Prow Robot
01819dd322 Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode 
ReadWriteOncePod access mode for PVs and PVCs
 2021-06-29 10:04:40 -07:00
Kubernetes Prow Robot
756203fda0 Merge pull request #102576 from dobsonj/101911 
kubelet: do not call RemoveAll on volumes directory for orphaned pods
 2021-06-29 06:54:40 -07:00