github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,905 Commits 1 Branch 31 Tags 1,019 MiB
552fd7e850
Commit Graph

1443 Commits

Author SHA1 Message Date
Shingo Omura
552fd7e850
KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
Kubernetes Prow Robot
119f9b3e7c
Merge pull request #124675 from cici37/fgForCost 
Adding a deprecating featurer gate to fix cost
 2024-05-13 08:52:04 -07:00
Kensei Nakada
2ea7d8f523 graduate MatchLabelKeysInPodAffinity to Beta 2024-05-11 10:40:28 +00:00
Cici Huang
d6e4115ead Adding the feature gates to fix cost for VAP and webhook matchConditions. 2024-05-10 22:07:40 +00:00
carlory
c8e91b9bc2 CephRBD volume plugin ( ) and its csi migration support were removed in this release 2024-05-09 22:55:34 +08:00
Kubernetes Prow Robot
0a8d2f770e
Merge pull request #124462 from carlory/remove-fg-CSINodeExpandSecret 
remove feature-gate CSINodeExpandSecret
 2024-05-08 13:58:21 -07:00
Kubernetes Prow Robot
132c49c40b
Merge pull request #124738 from xuzhenglun/master 
Remove GA ServiceNodePortStaticSubrange feature gate
 2024-05-08 12:23:29 -07:00
Kubernetes Prow Robot
1af6bc992c
Merge pull request #123845 from HirazawaUi/promote-DisableNodeKubeProxyVersion-to-beta 
promote DisableNodeKubeProxyVersion feature gate to beta
 2024-05-08 12:23:19 -07:00
xuzhenglun
6d7a194e85
Remove GA ServiceNodePortStaticSubrange feature gate 2024-05-08 15:15:02 +08:00
Kubernetes Prow Robot
e6547701f1
Merge pull request #124681 from jpbetz/field-selector-beta 
Promote custom resource field selectors to beta
 2024-05-07 10:39:05 -07:00
Kubernetes Prow Robot
54687f317b
Merge pull request #124673 from jpbetz/retry-beta 
Promote RetryGenerateName to beta
 2024-05-06 15:11:56 -07:00
Joe Betz
d16ff3d77f Promote CRD field selectors to beta 2024-05-06 11:53:03 -04:00
Kubernetes Prow Robot
4d17d30029
Merge pull request #124519 from dims/drop-all-the-providery-things-take-2 
Remove gcp in-tree cloud provider and credential providers
 2024-05-06 08:03:14 -07:00
Joe Betz
1b59f3678f Promote RetryGenerateName to beta 2024-05-03 15:20:10 -04:00
Davanum Srinivas
7f9a0ef5d2
Fixes from review by Jan Šafránek/Andrew/Michael 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-03 15:11:36 -04:00
Davanum Srinivas
7187d9af81
address comments during review 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-01 18:01:25 -04:00
carlory
c2e6166936 remove feature-gate ConsistentHTTPGetHandlers 2024-04-23 11:07:08 +08:00
carlory
282049cf0e remove feature-gate CSINodeExpandSecret 2024-04-23 11:01:44 +08:00
Tim Hockin
a2fb1b51ac
Remove DefaultHostNetworkHostPortsInPodTemplates gate 
This behavior was deprecated in 1.28.
 2024-04-19 15:24:15 -07:00
Dan Winship
fdf22533a8 KEP-3866 kube-proxy nftables mode to beta 2024-04-18 13:20:23 -04:00
HirazawaUi
98c29f0312 promote DisableNodeKubeProxyVersion feature gate to beta 2024-04-14 20:32:49 +08:00
Tim Hockin
ae01c2126f
Remove the gate "SkipReadOnlyValidationGCE" 
One less GCE-specifc wart in the codebase.
 2024-04-06 15:11:20 -07:00
Marek Siarkowicz
0130072b05 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 2024-03-18 11:55:13 +01:00
Kubernetes Prow Robot
8f80e01467
Merge pull request #123719 from enj/enj/f/authn_config_beta 
Mark StructuredAuthenticationConfiguration feature gate as beta
 2024-03-09 17:09:56 -08:00
Akihiro Suda
0b1a507b00
pkg/features: add RecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:10 +09:00
Nilekh Chaudhari
91a7708cdc
feat: implements Storage Version Migration API in-tree 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2024-03-08 04:18:56 +00:00
Kubernetes Prow Robot
364ef335db
Merge pull request #123412 from tenzen-y/add-new-jobsuccesspolicy-api 
Job: Support for the SuccessPolicy
 2024-03-07 14:49:20 -08:00
Yuki Iwai
e216742672 Job: Support for the JobSuccessPolicy (alpha) 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-03-08 05:49:09 +09:00
Kubernetes Prow Robot
2ec63e0d28
Merge pull request #123482 from sanposhiho/hpa-containerresource-graduation 
graduate HPAContainerMetrics to stable
 2024-03-06 17:37:36 -08:00
Kubernetes Prow Robot
bd25605619
Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API
 2024-03-06 15:35:14 -08:00
Tim Allclair
2d86cbf261 Separate feature-gate for AppArmor fields 2024-03-06 10:46:32 -08:00
Kubernetes Prow Robot
2b521e5f8e
Merge pull request #123405 from cici37/vapGA 
[KEP-3488]Promote ValidatingAdmissionPolicy to GA
 2024-03-05 18:29:53 -08:00
Kubernetes Prow Robot
87f9b3891e
Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
cici37
de506ce7ac Promote ValidatingAdmissionPolicy to GA. 2024-03-05 16:00:21 -08:00
Kevin Hannon
6a4e19a4ec add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
Michał Woźniak
e568a77a93
Support for the Job managedBy field (alpha) (#123273) 
* support for the managed-by label in Job

* Use managedBy field instead of managed-by label

* Additional review remarks

* Review remarks 2

* review remarks 3

* Skip cleanup of finalizers for job with custom managedBy

* Drop the performance optimization

* imrpove logs
 2024-03-05 09:25:15 -08:00
Monis Khan
bc7aa13bf7
Mark StructuredAuthenticationConfiguration feature gate as beta 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-05 11:34:30 -05:00
HirazawaUi
e56240b2e1 add validation method at the top level 2024-03-05 17:09:10 +08:00
Kubernetes Prow Robot
a76a3e031f
Merge pull request #123487 from gauravkghildiyal/kep-4444 
Introduce trafficDistribution field for Kubernetes Services
 2024-03-04 20:07:15 -08:00
Kubernetes Prow Robot
699984f25a
Merge pull request #123641 from liggitt/authz-config-beta-gate 
Promote StructuredAuthorizationConfiguration feature gate to beta
 2024-03-04 18:38:23 -08:00
Kubernetes Prow Robot
5b6d8a4293
Merge pull request #123532 from serathius/separate-rpc 
Move cacher watch to separate rpc preventing starvation
 2024-03-04 18:38:14 -08:00
Kubernetes Prow Robot
6929a11f69
Merge pull request #123481 from sanposhiho/mindomain-stable 
graduate MinDomainsInPodTopologySpread to stable
 2024-03-04 17:18:53 -08:00
Sean Sullivan
8b447d8c97 portforward: tunnel spdy through websockets 2024-03-04 11:10:30 -08:00
Kubernetes Prow Robot
89cbd94e68
Merge pull request #123593 from giuseppe/userns-use-kubelet-user-mappings 
KEP-127: kubelet: honor kubelet user mappings
 2024-03-04 10:24:52 -08:00
Marek Siarkowicz
31d404b182 Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior 2024-03-04 12:51:06 +01:00
Gaurav Ghildiyal
996d11d4e8 Add new field trafficDistribution to Service spec 2024-03-03 22:34:17 -08:00
Kubernetes Prow Robot
e4a14fe0f5
Merge pull request #123575 from Huang-Wei/pod-scheduling-readiness-stable 
Graduate PodSchedulingReadiness to stable
 2024-03-03 22:29:38 -08:00
Giuseppe Scrivano
4c81e5c9dc
features: promote UserNamespacesSupport to beta 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:43 +01:00
Jordan Liggitt
30256c8909
Promote StructuredAuthorizationConfiguration feature gate to beta 2024-03-02 02:12:36 -05:00
Kensei Nakada
b48b4ebc69 address reviews 2024-03-02 04:51:00 +00:00