kubernetes

Author	SHA1	Message	Date
Kubernetes Prow Robot	1a845ccd07	Merge pull request #103603 from mengjiao-liu/update-ingress-to-v1 Promote `ingressclass.kubernetes.io/is-default-class` annotation to networking/v1	2021-08-24 20:24:39 -07:00
Stephen Augustus	481cf6fbe7	generated: Run hack/update-gofmt.sh Signed-off-by: Stephen Augustus <foo@auggie.dev>	2021-08-24 15:47:49 -04:00
Jordan Liggitt	47859b7781	Ensure serviceaccount admission produces v1 Pod matching defaults after round-trip	2021-08-23 11:32:10 -04:00
Jordan Liggitt	ccbdf041a2	Fix slice type comparison bug	2021-08-18 11:30:34 -04:00
Kubernetes Prow Robot	e847b849c4	Merge pull request #103704 from robscott/endpoints-write-remove Remove Endpoints write access from aggregated edit role	2021-07-19 20:57:31 -07:00
Kubernetes Prow Robot	7fd021ba6a	Merge pull request #103703 from robscott/endpointslice-role-revert Revert granting EndpointSlice write access to edit role	2021-07-15 08:20:46 -07:00
Davanum Srinivas	26cc8e40a8	fix deadcode issues Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2021-07-14 08:41:21 -04:00
Rob Scott	416efdab26	Remove Endpoints write access from aggregated edit role	2021-07-13 22:17:12 -07:00
Rob Scott	6c61ee51b9	Revert granting EndpointSlice write access to edit role This reverts part of the change introduced by #101203.	2021-07-13 22:13:07 -07:00
Mengjiao Liu	792665e1ea	Promote ingressclass.kubernetes.io/is-default-class annotation to networking/v1	2021-07-09 15:48:13 +08:00
Aldo Culquicondor	2dd2622188	Track Job Pods completion in status Through Job.status.uncountedPodUIDs and a Pod finalizer An annotation marks if a job should be tracked with new behavior A separate work queue is used to remove finalizers from orphan pods. Change-Id: I1862e930257a9d1f7f1b2b0a526ed15bc8c248ad	2021-07-08 17:48:05 +00:00
Davanum Srinivas	79d0c6cdc1	switch from golang-lru to the one in k8s.io/utils Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2021-07-07 22:31:37 -04:00
Jordan Liggitt	1dfacd3c70	PodSecurity: use code/reason/details from admission library	2021-07-07 16:25:16 -04:00
Tim Allclair	cf6ba6096f	Move pod-security-admission to an external Attributes interface	2021-07-06 15:15:15 -07:00
Jordan Liggitt	f39bddd767	PodSecurity: kube-apiserver: admission wiring	2021-06-28 17:45:35 -04:00
Tomas Coufal	44cb4a63f6	Allow write on events to edit role Signed-off-by: Tomas Coufal <tcoufal@redhat.com>	2021-06-14 23:13:29 +02:00
Shihang Zhang	88b31814f4	BoundServiceAccountTokenVolume ga	2021-05-13 20:45:47 -07:00
Kubernetes Prow Robot	6ede5ca95f	Merge pull request #101186 from jsafrane/fix-ephemeral-rbac Fix RBAC of generic ephemeral volumes controller	2021-04-20 09:06:45 -07:00
Mike Tougeron	896bb932ef	Add endpointslices to default edit & view RBAC policies	2021-04-16 13:43:32 -07:00
Jan Safranek	cfbe5f1891	Fix RBAC of generic ephemeral volumes controller The controller must be able to "update" finalizers of all pods to make OwnerReferencesPermissionEnforcement admission plugin happy.	2021-04-16 11:01:54 +02:00
Kubernetes Prow Robot	d51f15ed0d	Merge pull request #100885 from enj/enj/i/auth_owners Update sig-auth OWNERS	2021-04-12 22:18:49 -07:00
Monis Khan	bca4993004	Update auth OWNERS files to only use aliases Signed-off-by: Monis Khan <mok@vmware.com>	2021-04-07 10:46:03 -04:00
Niekvdplas	fec272a7b2	Fixed several spelling mistakes	2021-03-30 23:02:09 +02:00
Patrick Ohly	c4311ae754	generic ephemeral volumes: refresh rbac testdata This is the result of UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy Apparently enabling the GenericEphemeralVolume feature by default affect this test. The policy that it now tests against is indeed the one needed for the controller.	2021-03-09 08:24:52 +01:00
Patrick Ohly	85bfd26c17	CSIStorageCapacity: update rbac test data This is the result of UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy after enabling the CSIStorageCapacity feature. This enables additional RBAC entries for reading CSIDriver and CSIStorageCapacity.	2021-03-08 20:52:50 +01:00
Swetha Repakula	108fd44f7c	Graduate EndpointSlice feature gate to GA	2021-03-06 15:58:47 -08:00
Abdullah Gharaibeh	3c5f018f8e	Add CrossNamespacePodAffinity quota scope and PodAffinityTerm.NamespaceSelector APIs, and CrossNamespacePodAffinity quota scope implementation.	2021-03-03 22:52:43 -05:00
Kubernetes Prow Robot	5498ee641b	Merge pull request #99561 from BenTheElder/remove-bazel Remove Bazel	2021-03-01 09:55:27 -08:00
Benjamin Elder	56e092e382	hack/update-bazel.sh	2021-02-28 15:17:29 -08:00
Jordan Liggitt	ec4d1b3821	Skip visiting empty secret and configmap names	2021-02-27 15:54:38 -05:00
Kubernetes Prow Robot	267e47f548	Merge pull request #99130 from ayberk/ebs_ga_labels Use GA topology labels for EBS	2021-02-23 23:48:49 -08:00
Shihang Zhang	cbf6e38bbd	move RootCAConfigMap to ga	2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot	031f2afbba	Merge pull request #98931 from michaelbeaumont/kubelet_well_known Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis	2021-02-20 11:55:41 -08:00
Ayberk Yilmaz	339b8b450f	Use GA topoogy labels for EBS	2021-02-18 00:34:56 +00:00
Kubernetes Prow Robot	60a0740c95	Merge pull request #98678 from ahg-g/ahg-ttl-beta Graduate TTLAfterFinished to beta	2021-02-09 15:10:59 -08:00
Michael Beaumont	a5a6762d33	Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis	2021-02-09 21:37:39 +01:00
Abdullah Gharaibeh	880bbdad23	Graduate TTLAfterFinished to beta	2021-02-07 17:23:14 -05:00
Kubernetes Prow Robot	34f138ff83	Merge pull request #97823 from Jiawei0227/translation-lib Preparation for Topology migration to GA for CSI migration	2021-02-02 08:48:28 -08:00
Kubernetes Prow Robot	1119a505ac	Merge pull request #98669 from liggitt/denyexec Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission	2021-02-02 06:52:28 -08:00
Jordan Liggitt	3579f88e4d	Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission	2021-02-01 16:55:22 -05:00
Michael Taufen	6aa80d9172	Graduate ServiceAccountIssuerDiscovery to GA Waiting on KEP updates first: https://github.com/kubernetes/enhancements/pull/2363	2021-02-01 11:44:23 -08:00
Kubernetes Prow Robot	3667e0e9f7	Merge pull request #98147 from deads2k/system-masters-delete add check to gc_admission to allow super users to skip RESTMapping	2021-01-28 17:52:02 -08:00
Kubernetes Prow Robot	24f13032b3	Merge pull request #97395 from thockin/externalips-admission Add denyserviceexternalips admission (KEP 2200)	2021-01-28 12:33:11 -08:00
David Eads	ff6684d90f	add check to gc_admission to allow super users to skip RESTMapping	2021-01-27 16:53:33 -05:00
Jiawei Wang	67fed317a1	Prepare for Topology migration to GA from CSI migration This also includes a change on CSI migration TranslateCSIToInTree where we remove the CSI topology and add Kubernetes Topology to the NodeAffinity	2021-01-20 10:49:58 -08:00
Kubernetes Prow Robot	1f0ef8e679	Merge pull request #97293 from roycaihw/storage-version/gc-rbac add rbac rule for storage version garbage collector	2021-01-11 08:39:07 -08:00
Haowei Cai	83b30bc92f	generated	2021-01-08 11:39:41 -08:00
Haowei Cai	be172d6900	add rbac role for storage version GC	2021-01-08 11:39:08 -08:00
Tim Hockin	a8299079a5	Add denyserviceexternalips admission	2020-12-29 10:00:11 -08:00
Tim Hockin	02b77861ec	Move defaultingressclass admission to net subdir	2020-12-28 09:58:30 -08:00

1 2 3 4 5 ...

3083 Commits