Commit Graph

61 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
91738cb031
Merge pull request #87688 from mborsz/node2
Add a fast path for adding new node in node_authorizer
2020-02-07 05:57:03 -08:00
Maciej Borsz
69df8a8230 Add a fast path for adding new node in node_autorizer.
This seems to improve WriteIndexMaintenance benchmark:

Before:
BenchmarkWriteIndexMaintenance-12    	    1034	   1157922 ns/op	    1906 B/op	      41 allocs/op
After:
BenchmarkWriteIndexMaintenance-12    	    4891	    239821 ns/op	    1572 B/op	      37 allocs/op
2020-02-04 11:32:06 +01:00
Jordan Liggitt
d8c00b7f52 Fix node authorizer index recomputation 2020-01-30 13:29:57 -05:00
lemonli
2498dbf636 clean node_authorizer code: verb judgement 2020-01-15 18:08:09 +08:00
wojtekt
1657ef25eb Extend authorization benchmark 2019-12-12 16:20:38 +01:00
wojtekt
ffad401b4e Promote NodeLease feature to GA 2019-11-05 09:01:12 +01:00
Jordan Liggitt
92eb072989 Propagate context to Authorize() calls 2019-09-24 11:14:54 -04:00
Kubernetes Prow Robot
ad095324bf
Merge pull request #79309 from draveness/feature/cleanup-CSIPersistentVolume-feature-gates
feat: cleanup feature gates for CSIPersistentVolume
2019-06-25 01:15:03 -07:00
draveness
8e9472ba79 feat: cleanup feature gates for CSIPersistentVolume 2019-06-25 09:00:12 +08:00
draveness
35bc5dc6b6 feat: cleanup feature gates for KubeletPluginsWatcher 2019-06-23 16:59:36 +08:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
shinytang6
5c9f4d9dc6 replace time.Now().Sub with time.Since 2019-03-21 18:02:55 +08:00
Xing Yang
85867e5625 Modify node admission and node authorizer 2019-03-04 16:42:12 -08:00
Andrew Kim
01933b02a3 replace usage of v1beta1 VolumeAttachments with v1 2019-02-27 15:42:12 -05:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Jordan Liggitt
16e355791f Improve node authorizer and noderestriction forbidden messages 2018-11-24 09:31:10 -05:00
Davanum Srinivas
954996e231
Move from glog to klog
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
2018-11-10 07:50:31 -05:00
Jordan Liggitt
4cbdc98df3 node-isolation approvers/reviewers 2018-11-06 00:57:39 -05:00
Eric Chiang
766f5875bf Remove ericchiang from OWNERS files
Kept myself in the OpenID Connect ones for now.
2018-10-11 18:11:15 -07:00
Cheng Xing
94d649b590 Rearranged feature flags 2018-09-07 17:45:27 -07:00
Cheng Xing
becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00
Michael Taufen
1b7d06e025 Kubelet creates and manages node leases
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.

- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
2018-08-26 16:03:36 -07:00
yue9944882
f624a4efb8 externalize node admission
fixes internal pod annotation reference

completely strip internal informers from authz initialization
2018-08-21 23:33:03 +08:00
yue9944882
e7d0983707 externalize pv informer in node authorizer 2018-08-17 11:14:43 +08:00
yue9944882
715f04b2ed should cast va instead of pv 2018-08-16 11:15:08 +08:00
yue9944882
bc1fb1f7e8 node authz/ad externalization 2018-08-09 10:57:30 +08:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Jordan Liggitt
c8a0f52d5d
Short-circuit node authorizer graph edges for mirror pods 2018-06-06 11:34:14 -04:00
David Eads
092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
wojtekt
f344c5c062 Requires single name for list and watch 2018-05-15 14:19:21 +02:00
Kubernetes Submit Queue
b2fe2a0a6d
Merge pull request #59847 from mtaufen/dkcfg-explicit-keys
Automatic merge from submit-queue (batch tested with PRs 63624, 59847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap

This makes the Kubelet config key in the ConfigMap an explicit part of
the API, so we can stop using magic key names.
    
As part of this change, we are retiring ConfigMapRef for ConfigMap.


```release-note
You must now specify Node.Spec.ConfigSource.ConfigMap.KubeletConfigKey when using dynamic Kubelet config to tell the Kubelet which key of the ConfigMap identifies its config file.
```
2018-05-09 17:55:13 -07:00
Michael Taufen
c41cf55a2c explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap
This makes the Kubelet config key in the ConfigMap an explicit part of
the API, so we can stop using magic key names.

As part of this change, we are retiring ConfigMapRef for ConfigMap.
2018-05-08 15:37:26 -07:00
Jordan Liggitt
ff8cdabfd4
Maintain index of high-cardinality edges in node authorizer graph 2018-05-02 16:05:28 -04:00
Jordan Liggitt
ad7d5505b9
clean up vertex/edge deletion 2018-05-02 15:39:50 -04:00
Jordan Liggitt
1c6998a2f3
Add node authorizer contention benchmark 2018-04-19 23:11:54 -04:00
Jordan Liggitt
7f5def4361
fix graph test sorting 2018-04-06 20:46:25 -04:00
hangaoshuai
33f389bc1e use handle DeletedFinalStateUnknown objects in function deleteNode 2018-03-30 11:51:39 +08:00
Michael Taufen
ab8dc12333 node authorizer sets up access rules for dynamic config
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.

I also added some validation to the node strategy, which I discovered we
were missing while writing this.
2018-03-27 08:49:45 -07:00
Mike Danese
2cc75f0a5a auth: allow nodes to create tokones for svcaccts of pods
running on them.
2018-02-26 13:46:19 -08:00
Serguei Bezverkhi
a6ca466859 k8s csi code change 2018-02-23 16:50:43 -05:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
NickrenREN
7b9d2c046f Use v1beta1 VolumeAttachment 2018-01-31 18:46:11 +08:00
Jordan Liggitt
ecfd18e2a6
Add get volumeattachments support to Node authorizer 2018-01-17 00:00:18 -05:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Jordan Liggitt
d073c10dbc
Refactor flex pv to allow secret namespace 2017-12-13 23:32:16 -05:00
Hemant Kumar
1b76b0b2ff Allow node to update PVC's status
Implement node policy feature gates
Add tests for node policy update
2017-11-22 14:32:50 -05:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Mike Danese
12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
Kubernetes Submit Queue
0e21ac81c0 Merge pull request #51416 from justinsb/fix_nodeidentitifer_godocs
Automatic merge from submit-queue (batch tested with PRs 51416, 53535). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix NodeIdentifier godocs: IdentifyNode -> NodeIdentity
2017-10-17 08:44:13 -07:00