github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
114,921 Commits 1 Branch 31 Tags 1,019 MiB
543f15d10c
Commit Graph

167 Commits

Author SHA1 Message Date
Patrick Ohly
29941b8d3e api: resource.k8s.io v1alpha1 -> v1alpha2 
For Kubernetes 1.27, we intend to make some breaking API changes:
- rename PodScheduling -> PodSchedulingHints (https://github.com/kubernetes/kubernetes/issues/114283)
- extend ResourceClaimStatus (https://github.com/kubernetes/enhancements/pull/3802)

We need to switch from v1alpha1 to v1alpha2 for that.
 2023-03-14 07:52:03 +01:00
Paco Xu
49032c394c The storage.k8s.io/v1beta1 API version of CSIStorageCapacity will no longer be served in v1.27. 2023-03-13 15:06:04 +08:00
Kubernetes Prow Robot
cc3855e0cf
Merge pull request #116170 from aojea/watch_instead_poll_system_namespaces 
Watch instead poll system namespaces
 2023-03-11 11:24:39 -08:00
Kubernetes Prow Robot
d8fe845415
Merge pull request #116108 from Jefftree/agg-discovery-enb 
Enable Aggregated Discovery for Beta
 2023-03-10 10:48:39 -08:00
Antonio Ojea
6e78e3279a consider default a system namespace to be managed by the namespace controller 
Change-Id: I08d68c18234404c1258aa003211d82e2e72dadb1
 2023-03-10 17:49:53 +00:00
Antonio Ojea
eecfaf658e decouple system namespaces from bootstrap controller 
Use an informer instead of polling.

Change-Id: Ib071e53addb914fcb31d8a1346cf61ca6d22520b
 2023-03-10 17:49:47 +00:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Jefftree
361391117d Enable aggregated discovery 2023-03-08 23:03:52 +00:00
Patrick Ohly
dad95e1be6 update lease controller 
Passing in a context instead of a stop channel has several advantages:
- ensures that client-go calls return as soon as the controller is asked to stop
- contextual logging can be used

By passing that context down to its own functions and checking it while
waiting, the lease controller also doesn't get stuck in backoffEnsureLease
anymore (https://github.com/kubernetes/kubernetes/issues/116196).
 2023-03-02 15:06:00 +01:00
SataQiu
571582b5b2 apiserver: update serialization version priority for policy API 2023-01-19 14:42:26 +08:00
Andrew Sy Kim
a7de3e15a5 apiserver: use the identity value in the apiserver identity hash 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2023-01-13 16:20:14 -05:00
Andrew Sy Kim
3da0f1809c apiserver: update lease label key to apiserver.kubernetes.io/identity 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2023-01-13 15:37:22 -05:00
SataQiu
950c147db5 apiserver: update serialization version priority for flowcontrol API 2023-01-13 22:19:39 +08:00
Jordan Liggitt
78cb3862f1
Fix indentation/spacing in comments to render correctly in godoc 2022-12-17 23:27:38 -05:00
SataQiu
40a6d6306a autoscaling: advance v2 as the preferred API version over v1 2022-12-11 13:09:39 +08:00
Iceber Gu
034292718a remove enabled by default beta resources that have been removed 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2022-12-08 13:28:24 +08:00
Wojciech Tyczyński
4ffca653ff Fix endpoint reconciler failing to delete masterlease 
add regression test for endpoint reconciler leases
 2022-11-25 08:13:20 +00:00
Patrick Ohly
5cca60f0b8 api: dynamic resource allocation API 
This adds a new resource.k8s.io API group with v1alpha1 as version. It contains
four new types: resource.ResourceClaim, resource.ResourceClass, resource.ResourceClaimTemplate, and
resource.PodScheduling.
 2022-11-10 20:08:24 +01:00
Kubernetes Prow Robot
e62cfabf93
Merge pull request #112050 from nilekhc/kms-hot-reload 
Implements hot reload of the KMS `EncryptionConfiguration`
 2022-11-08 17:24:12 -08:00
Nilekh Chaudhari
761b7822fc
feat: implements kms encryption config hot reload 
This change enables hot reload of encryption config file when api server
flag --encryption-provider-config-automatic-reload is set to true. This
allows the user to change the encryption config file without restarting
kube-apiserver. The change is detected by polling the file and is done
by using fsnotify watcher. When file is updated it's process to generate
new set of transformers and close the old ones.

Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2022-11-08 21:47:59 +00:00
Kubernetes Prow Robot
3a99a5954d
Merge pull request #113629 from andrewsykim/apiserver-identity-beta 
Promote APIServerIdentity to Beta
 2022-11-08 12:43:10 -08:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration 
CEL validation in Admission chain
 2022-11-07 17:08:33 -08:00
Andrew Sy Kim
d24f93e4a4 pkg/controlplane: update lease parameters into public variables so they can be set by integration tests 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-07 19:36:22 -05:00
Andrew Sy Kim
02020b20e7 kube-apiserver: remove flags --identity-lease-duration-seconds and --identity-lease-renew-interval-seconds 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-07 19:36:22 -05:00
Cici Huang
d3f48136d0 Add Authz check to validate policy and binding. 
Co-authored-by: Jiahui Feng <jhf@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2022-11-07 21:29:56 +00:00
Cici Huang
0486e06261 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control 2022-11-07 20:51:51 +00:00
Andrew Sy Kim
72f2e1cc0d lease controller: update NewController to accept leaseName as a parameter, remove NewControllerWithLeaseName 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-04 00:44:13 -04:00
Andrew Sy Kim
3c0b75f4ad apiserver identity: always use a unique value for the Lease holder identity 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-03 22:53:56 -04:00
Andrew Sy Kim
21507902ba apiserver identity: use persistent identity format based on hostname 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-03 22:53:56 -04:00
SataQiu
ecfae2bebe kube-apiserver: keep the types of LeaseEndpointReconcilerType and NoneEndpointReconcilerType the same as MasterCountReconcilerType 2022-10-26 21:49:31 +08:00
Shihang Zhang
569cd70a52 track legacy service account tokens 2022-10-24 09:37:53 -07:00
Andrew Sy Kim
c4c867dd96 add comments for Test_Controller in pkg/controlplane/controller/apiserverleasegc 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-10-18 20:40:21 -04:00
Andrew Sy Kim
4a89500478 add unit tests for apiserverleasegc controller 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-10-18 20:39:10 -04:00
Monis Khan
f507bc2553
Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2022-10-13 10:52:29 -04:00
Abu Kashem
e1a764d635
apiserver: enable v1beta3 for apf 2022-09-21 18:54:19 -04:00
Kubernetes Prow Robot
f510bcac90
Merge pull request #112402 from tkashem/test-beta-default 
test: new beta version should be disabled by group,version
 2022-09-19 13:17:33 -07:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-09-14 18:00:26 +02:00
Abu Kashem
8e7c4353b0
test: new beta version should be disabled by group,version 2022-09-12 14:34:22 -04:00
Antonio Ojea
abf74613ac remove dead code 2022-08-25 23:19:26 +02:00
Sarvesh Rangnekar
7093b10416 Introduce networking/v1alpha1 api, ClusterCIDR type 
Introduce networking/v1alpha1 api group.

Add `ClusterCIDR` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.
 2022-08-05 00:54:00 +00:00
Davanum Srinivas
a9593d634c
Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-07-26 13:14:05 -04:00
Kubernetes Prow Robot
f19a26a22e
Merge pull request #111191 from aojea/controller-client-go 
refactor controlplane to use just one client-go
 2022-07-18 16:55:30 -07:00
Antonio Ojea
586a3d4ac5 refactor controlplane to use just one client-go 2022-07-16 13:36:32 +02:00
Abirdcfly
00b9ead02c cleanup: remove duplicate import 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
 2022-07-14 11:25:19 +08:00
Patrick Ohly
2e8fa3ee6b CSIStorageCapacity: use v1 as storage version 
This can be done because downgrades are only supported down to 1.24 and that
release supports v1.
 2022-07-08 10:06:06 +02:00
ZhangKe10140699
f218f7b262 Computation of the StorageVersionHash use overridden storage versions in unit test 2022-07-08 06:32:27 +08:00
Wojciech Tyczyński
b54363aceb Clean shutdown of storageversion integration tests 2022-06-06 20:33:20 +02:00
Kubernetes Prow Robot
901434942c
Merge pull request #107878 from danwinship/apiserver-endpointslice-cleanup 
Clean up some EndpointSlice-related code in apiserver endpoint reconciler
 2022-06-01 17:55:45 -07:00
Dan Winship
c44f5467a2 Remove unused and un-enable-able apiserver multiple ports feature 
Theoretically, the apiserver could be told to advertise additional
ports on the kubernetes service, but there was no way to enable this
functionality without forking/vendoring the apiserver code. This was
apparently added in the distant past for OpenShift to use, but it has
not been used in OpenShift since Kubernetes 1.11.
 2022-05-27 08:46:44 -04:00
Dan Winship
80e9d948e3 Add more Endpoints vs EndpointsSlices reconciler tests 2022-05-27 08:46:24 -04:00