github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,165 Commits 1 Branch 31 Tags
656d00e8949f64cd663ca532d12e00982a6664c4
Commit Graph

13616 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
72f28fb8b3 Merge pull request #103445 from tallclair/podsecurity-attrs 
Move pod-security-admission to an external Attributes interface
 2021-07-06 22:11:39 -07:00
Samuel Roth
9e87082b85 [Pod Security] Baseline + restricted policy checks for seccomp (#103341) 
* podsecurity: add seccomp policy checks

* podsecurity: generated seccomp fixtures
 2021-07-06 22:11:28 -07:00
Kubernetes Prow Robot
561959f682 Merge pull request #102823 from ehashman/kep-2400-swap 
Alpha node swap support
 2021-07-06 22:11:11 -07:00
Kubernetes Prow Robot
99f77725c8 Merge pull request #102677 from yuzhiquan/deprecated-warning-for-drain 
Deprecated message for ignore-errors flag
 2021-07-06 22:11:03 -07:00
Kubernetes Prow Robot
60475ee5c2 Merge pull request #102181 from enj/enj/i/deprecate_gcp_azure 
Deprecate azure and gcp in-tree auth plugins
 2021-07-06 22:10:55 -07:00
Kubernetes Prow Robot
7df432f78f Merge pull request #99582 from chendave/fix_config 
custom plugin config should take precedence over default plugin config
 2021-07-06 22:10:43 -07:00
Kubernetes Prow Robot
1affd894cf Merge pull request #98431 from wawa0210/fix-98253 
fix kubectl alpha debug node does not work on tainted(NoExecute) nodes
 2021-07-06 21:04:42 -07:00
Kubernetes Prow Robot
e1acbbd8fd Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Kubernetes Prow Robot
ca0c8275b4 Merge pull request #103484 from wojtek-t/pf_queue_picker 
Update the logic to pick the best queue in P&F
 2021-07-06 16:22:22 -07:00
Tim Allclair
cf6ba6096f Move pod-security-admission to an external Attributes interface 2021-07-06 15:15:15 -07:00
Monis Khan
6bfaeaf916 Deprecate azure and gcp in-tree auth plugins 
With the client-go credential plugin functionality going GA in 1.22,
it is now time to deprecate these legacy integrations.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-06 17:18:25 -04:00
Kubernetes Prow Robot
59e5b849c9 Merge pull request #103517 from liggitt/podsecurity-fixture-cleanup 
Podsecurity fixture cleanup
 2021-07-06 13:16:31 -07:00
wojtekt
0ecc7ba311 Update the logic to pick the best queue in P&F 2021-07-06 20:25:38 +02:00
Kubernetes Prow Robot
eae87bfe7e Merge pull request #103483 from odinuge/revert-102508-runc-1.0 
Revert "Update runc to 1.0.0"
 2021-07-06 10:42:56 -07:00
Kubernetes Prow Robot
6fc7dd5137 Merge pull request #103292 from verb/1.22-kubectl-debug-compat 
Add backwards compatibility for ephemeral containers in kubectl debug
 2021-07-06 10:42:39 -07:00
Kubernetes Prow Robot
3392f16908 Merge pull request #102890 from ankeesler/exec-plugin-v1 
exec credential provider: add v1 struct
 2021-07-06 10:42:31 -07:00
Kubernetes Prow Robot
ea3bcbc205 Merge pull request #101946 from chendave/balance_allocation 
Support extended resource in NodeResourcesBalancedAllocation plugin
 2021-07-06 10:42:19 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Jordan Liggitt
2220fc6149 PodSecurity: clean up unnecessary passing fixtures 2021-07-06 12:44:00 -04:00
Jordan Liggitt
ea54b1b152 PodSecurity: Make check-specific passing fixtures optional 2021-07-06 12:43:56 -04:00
Kubernetes Prow Robot
2423842549 Merge pull request #103514 from soltysh/format_string 
Hide long and multiline strings when printing
 2021-07-06 09:35:02 -07:00
Kubernetes Prow Robot
7752b195f2 Merge pull request #103504 from tkashem/apf-add-additional-latency 
apf: refactor width into its own struct
 2021-07-06 09:34:43 -07:00
Kubernetes Prow Robot
c93e509e6f Merge pull request #103435 from dashpole/rename_service 
Change tracing service from kube-apiserver to apiserver
 2021-07-06 09:34:31 -07:00
Dave Chen
9a5237ca63 Custom plugin config should take precedence over default plugin config 
Signed-off-by: Dave Chen <dave.chen@arm.com>
 2021-07-06 23:16:28 +08:00
Kubernetes Prow Robot
61e30f1355 Merge pull request #102520 from coderanger/patch-3 
nit: Update comment to match headers change.
 2021-07-06 07:48:30 -07:00
Kubernetes Prow Robot
7d9f476337 Merge pull request #102155 from lauchokyip/addTop 
Added field-selector option for kubectl top pod
 2021-07-06 07:48:18 -07:00
Abu Kashem
24e1922910 apf: add additional latency into width 2021-07-06 09:49:56 -04:00
Andrew Keesler
20e1c4d754 exec credential provider: update tests+metadata for v1 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-07-06 09:48:35 -04:00
Kubernetes Prow Robot
6d11f22fde Merge pull request #102998 from tkashem/apf-width-list 
apiserver: add callback to get notified of object count
 2021-07-06 06:16:18 -07:00
Maciej Szulik
d0c422fd9c Hide long and multiline strings when printing 
Currently both long strings and multiline strings can potentially
"break" printing. I'm adding extra formatting to ensure we cut strings
either at newline or at 100 chars with information that more information
is available.
 2021-07-06 15:07:13 +02:00
Abu Kashem
1002b0d163 apiserver: add callback to get notified of object count 2021-07-05 23:57:46 -04:00
atiratree
194ed1408d update translations 
- update template.pot
- reformat .po files
- regenerate .mo files
- regenarate and mark obsolete translations
- remove obsolete default/english translations
 2021-07-05 22:55:26 +02:00
atiratree
079d8aeb1e fix update-translations.sh 2021-07-05 22:39:07 +02:00
Lee Verberne
06124c1d1c Add backwards compatibility for kubectl debug 
The ephemeral containers API changed in 1.22. As a result, kubectl
debug (currently) cannot create ephemeral containers in clusters prior
to 1.22.

This change causes kubectl to retry the request using the old API when
it receives a specific error message from the server.
 2021-07-05 20:49:13 +02:00
Kubernetes Prow Robot
26bdfbc0ab Merge pull request #103437 from p0lyn0mial/readyz-signal 
genericapiserver: adds HasBeenReady lifecycle signal
 2021-07-05 08:02:55 -07:00
Odin Ugedal
61d88af9e4 Revert "Update runc to 1.0.0" 2021-07-05 14:03:04 +02:00
Kubernetes Prow Robot
77aa52a09a Merge pull request #92372 from breunigs/vsphere-consider-not-found-success-on-delete 
ignore "vmdk not found" vsphere errors during unmount (assume success)
 2021-07-05 03:22:53 -07:00
Kubernetes Prow Robot
687f0aa35b Merge pull request #101296 from Miciah/fix-RollingUpdateDaemonSet-godoc-regarding-rounding 
Fix RollingUpdateDaemonSet godoc regarding rounding
 2021-07-05 02:14:54 -07:00
Kubernetes Prow Robot
a3c2028cf4 Merge pull request #103039 from tkashem/fix-102973 
apf: calculation of dR/dt should use seats in use
 2021-07-05 00:14:54 -07:00
Kubernetes Prow Robot
39e951a08d Merge pull request #101624 from tilt-dev/nicks/go-to-protobuf 
go-to-protobuf: small fixes to improve debuggability
 2021-07-04 14:22:18 -07:00
Kubernetes Prow Robot
c246b03d74 Merge pull request #101074 from verb/1.22-kubectl-target-warning 
Warn user for runtime support of debug targeting
 2021-07-02 13:38:26 -07:00
David Ashpole
8972efc65f change tracing service from kube-apiserver to apiserver 2021-07-02 07:04:26 -07:00
Lukasz Szaszkiewicz
58b91ffca9 adds HasBeenReady signal that fires when the readyz endpoint succeeds 2021-07-02 15:46:54 +02:00
Lukasz Szaszkiewicz
ca108d109d readyz signals when the handler succeeds for the first time. 
Co-authored-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2021-07-02 15:46:54 +02:00
Lee Verberne
968185e1f7 Warn user for runtime support of debug targeting 
Add a warning message to `kubectl debug` when using the `--target`
option as many runtimes don't support it yet.
 2021-07-02 14:23:00 +02:00
Lukasz Szaszkiewicz
6c88a62cb4 remove logging from the Signal method 2021-07-02 12:50:20 +02:00
Lukasz Szaszkiewicz
dae08bc3a7 rename terminationSignals to lifecycleSignals 2021-07-02 12:40:58 +02:00
Kubernetes Prow Robot
defcc916ed Merge pull request #103382 from liggitt/podsecurity-hostprocess 
[PodSecurity] hostProcess baseline check
 2021-07-02 01:16:24 -07:00
Kubernetes Prow Robot
659c7e709f Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Monis Khan
29b3fa7826 Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00