github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,481 Commits 1 Branch 31 Tags 1,019 MiB
76a94fd836
Commit Graph

3067 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
ae23b0c11b
Merge pull request #115111 from kannon92/strategy-coverage-increase 
increasing coverage from 78% to 94% for strategy.go for batch/job
 2023-02-02 07:58:41 -08:00
kidddddddddddddddddddddd
113355a5a2 loosen check rules for ingress creation 2023-02-01 15:21:45 +08:00
Kubernetes Prow Robot
7f0d1722f5
Merge pull request #115378 from aojea/aojea_allocator 
add aojea as approver for networking APIs: services/allocators, netwo…
 2023-01-29 16:14:49 -08:00
Kubernetes Prow Robot
5bb7326c36
Merge pull request #114418 from xuzhenglun/master 
Reserve Nodeport Ranges For Dynamic And Static Port Allocation
 2023-01-29 14:02:35 -08:00
Antonio Ojea
0461c48078 add aojea as approver for networking APIs: services/allocators, networking group, ... 
Change-Id: Ia6542b21339f4a92a9c13c2b628038abe737d0f9
 2023-01-29 00:10:06 +00:00
Kubernetes Prow Robot
12240c2a5c
Merge pull request #115247 from Volatus/refactor-node-storage-tests 
Refactor: cleanup node/storage tests
 2023-01-26 17:42:32 -08:00
Ismayil Mirzali
6d484dc037
Refactor: cleanup node/storage tests 
Removes some repetitive patterns and simplifies the existing test code.
 2023-01-26 23:03:02 +02:00
xuzhenglun
d48dd100bf
add kube_apiserver_nodeport_allocator_* to improve observability of ServiceNodePortStaticSubrange 2023-01-26 14:44:16 +08:00
xuzhenglun
c18c6e1b87
allocate nodeport with offset 2023-01-26 14:44:04 +08:00
Antonio Ojea
ea99593fa1 Fix panic on ClusterIP allocation for /28 subnets 
The ClusterIP allocator tries to reserve on part of the ServiceCIDR
to allocate static IPs to the Services.

The heuristic of the allocator to obtain the offset was taking into
account the whole range size, not the IPs available in the range, the
subnet address and the broadcast address for IPv4 are not available.

This caused that for CIDRs with 16 hosts, /28 for IPv4 and /124 for
IPv6, the offset calculated was higher than the max number of available
addresses on the allocator, causing this to panic.

Change-Id: I6c6f527b0a600b3612be37769e405b8fb3dd33a8
 2023-01-25 20:32:40 +00:00
kannon92
96541d3e51 increasing coverage from 75% to 95% for strategy.go for batch/job 2023-01-23 18:53:46 +00:00
HirazawaUi
3b18e80fb4 delete unused functions in pkg directory 2023-01-16 21:43:36 +08:00
Kubernetes Prow Robot
696701b9fd
Merge pull request #114086 from xmcqueen/113935 
block ephemeral container addition to static pods
 2023-01-13 07:36:28 -08:00
Kubernetes Prow Robot
6ce055d62d
Merge pull request #114947 from saschagrunert/seccomp-ga-cleanup 
Make seccomp annotations non-functional
 2023-01-12 13:48:54 -08:00
Sascha Grunert
af1f6a230b
Make seccomp annotations non-functional 
This cleanup has been planned to finish the corresponding KEP:
https://github.com/kubernetes/kubernetes/issues/91286

As follow-up on the partly removal of the seccomp annotations in
https://github.com/kubernetes/kubernetes/pull/109819, we now drop
the version skew handling completely, but still warn as well as keep
the validation in place if both (annotation and field) are set.

The Pod Security Admission code has been already changed in
https://github.com/kubernetes/kubernetes/pull/114846.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2023-01-12 17:11:52 +01:00
Kubernetes Prow Robot
08d9a0ef5b
Merge pull request #113467 from pacoxu/psp-cleanup 
Remove PodSecurityPolicy related code except client-go & API type
 2023-01-11 14:28:07 -08:00
Kubernetes Prow Robot
564f438892
Merge pull request #114691 from thockin/fix-pod-warning-string 
Make the warning about pod name clearer
 2023-01-10 13:47:38 -08:00
Kubernetes Prow Robot
5a896bf379
Merge pull request #114677 from kl52752/epd-warning-address-type 
Generate warning for EndpointSlice AddressType FQDN
 2023-01-10 13:47:27 -08:00
Paco Xu
e0bc0693e9 registry/storage: remove psp support 2023-01-06 17:07:02 +08:00
Kubernetes Prow Robot
ac889a0251
Merge pull request #113581 from aimuz/verify-tls-secret 
Verify that the key matches the cert
 2023-01-04 14:29:58 -08:00
TommyStarK
e2d8fc3f62 pkg/registry: Replace deprecated pointer function 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-04 10:38:09 +01:00
Kubernetes Prow Robot
12c71fdf1c
Merge pull request #113542 from ardaguclu/fix-shortname-disperancy 
Set singular names for core types to pass to discovery
 2023-01-03 09:29:43 -08:00
Katarzyna Lach
249f763c7e Generate warning for EndpointSlice AddressType FQDN 
Change-Id: Ibc213acdffa741e630821f371ea25e2b5187a011
 2023-01-02 10:00:01 +00:00
Antonio Ojea
29ea5076ea refactor current ipallocator 
- rename files to match the allocator backend
- use t.Run for tests and cover large ranges
- add benchmarks
- check that thebitmap ip allocator satisfies the interface

goos: linux
goarch: amd64

pkg: k8s.io/kubernetes/pkg/registry/core/service/ipallocator
cpu: Intel(R) Xeon(R) CPU E5-2678 v3 @ 2.50GHz
BenchmarkAllocateNextIPv4Size1048574
BenchmarkAllocateNextIPv4Size1048574-24    	 1517683
7373 ns/op	     135 B/op	       8 allocs/op
BenchmarkAllocateNextIPv6Size65535
BenchmarkAllocateNextIPv6Size65535-24      	 5607438
193.9 ns/op	      18 B/op	       2 allocs/op
PASS
 2022-12-31 12:48:50 +00:00
Tim Hockin
7c7d79b058
Make the warning about pod name clearer 
Previously this was cut-paste from deployment.  It didn't make much
sense for pod.
 2022-12-25 14:20:55 -08:00
Tim Hockin
ed3ebbaaa7
Remove TODO about API proxy checking for svc 2022-12-23 12:32:17 -08:00
Kubernetes Prow Robot
038d983769
Merge pull request #114505 from aojea/service_warnings 
Services API: warnings on IP addresses
 2022-12-16 18:07:52 -08:00
Tim Hockin
8f62b94991
cronjob: API warn when name is not DNS label 2022-12-16 13:08:08 -08:00
Tim Hockin
fec8e721b2
job: API warn when name is not DNS label 2022-12-16 13:07:42 -08:00
Tim Hockin
b65cec86eb
deployment: API warn when name is not DNS label 2022-12-16 13:07:13 -08:00
Tim Hockin
820e2fff0d
rs: API warn when name is not DNS label 2022-12-16 13:06:43 -08:00
Tim Hockin
e27cf75094
rc: API warn when name is not DNS label 2022-12-16 13:06:10 -08:00
Tim Hockin
c555d290c1
pod: API warn when name is not DNS label 2022-12-16 13:05:17 -08:00
Antonio Ojea
1b804fc87c Services API: warnings 
The Services API should warn users about some IP addresses
representations, mainly because some of them are not allowed
by the golang std parsers since go 1.17

Specifically:

- IPv4 addresses with leading zeros, that may cause security risks
- IPv6 addresses in non canonical format, that may cause problems
with controllers hotlooping or cause security issues

Change-Id: Ife50a651d1b22dc4c318e42bd3e5f2e5f88ecbcd
 2022-12-16 11:54:05 +00:00
Kubernetes Prow Robot
4b27077eb2
Merge pull request #114428 from SataQiu/clean-rest-20221212 
apiserver: cleanup unused StrategyExceptions
 2022-12-14 06:47:34 -08:00
aimuz
4a7ab7fd75
Verify that the key matches the cert 
Signed-off-by: aimuz <mr.imuz@gmail.com>
 2022-12-13 10:43:58 +08:00
SataQiu
090c36027f apiserver: cleanup unused StrategyExceptions 2022-12-12 23:56:24 +08:00
Tim Hockin
dd0a50336e
ServiceInternalTrafficPolicyType: s/Type// 
Rename ServiceInternalTrafficPolicyType => ServiceInternalTrafficPolicy
 2022-12-11 13:48:31 -08:00
Tim Hockin
d0e2b06850
ServiceExternalTrafficPolicyType: s/Type// 
Rename ServiceExternalTrafficPolicyType => ServiceExternalTrafficPolicy
 2022-12-11 13:48:27 -08:00
Kubernetes Prow Robot
4106b10d9c
Merge pull request #112799 from kerthcet/cleanup/strategy-test 
optimize testcases arrangement
 2022-12-09 15:43:29 -08:00
Kubernetes Prow Robot
6f6bf42ee5
Merge pull request #113768 from lojies/codecleanupforkubeleteviction 
cleanup:Omit comparison with boolean constant
 2022-12-09 14:34:26 -08:00
Brian McQueen
25e990f738 added validation check to block adding an ephemeral container to a static pod and test cases 2022-12-02 15:39:11 -08:00
Arda Güçlü
43a889fc65 Add integration test to test singularnames for all resources 2022-11-21 09:59:37 +03:00
Arda Güçlü
1f54f610e4 minor integration test fixes and more singular resource 2022-11-18 13:11:16 +03:00
Arda Güçlü
23e2899556 Implement GetSingularName for LegacyBindingREST 
LegacyBindingREST is only used for `bindings` resource. It is not
a subresource and that's why it is required to implement
`GetSingularName` function. However, there is no need to implement
this function for BindingREST because it is only used for binding
subresource.

That's why, this function statically adds GetSingularName for
LegacyBindingREST.
 2022-11-18 12:21:19 +03:00
Arda Güçlü
d14b7781e2 Use casted SingularName for rbac types 2022-11-18 12:21:19 +03:00
Arda Güçlü
1abf94bec3 Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
Arda Güçlü
672e0b1e01 Use correct singular name format for subresources 2022-11-18 12:21:19 +03:00
Arda Güçlü
578ddde80e Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
Arda Güçlü
0990ba1cc9 Introduce singularNameProvider for core types 
This introduces `singularNameProvider`. This provider will be used
by core types to have their singular names are defined in discovery
endpoint. Thanks to that, core resources singular name always have
higher precedence than CRDs shortcuts or singular names.
 2022-11-18 12:21:07 +03:00
Kubernetes Prow Robot
d1c0171aed
Merge pull request #111023 from pohly/dynamic-resource-allocation 
dynamic resource allocation
 2022-11-11 16:21:56 -08:00
Kubernetes Prow Robot
cc704f9778
Merge pull request #113375 from atiratree/PodHealthyPolicy-api 
api: add unhealthyPodEvictionPolicy for PDBs
 2022-11-11 04:02:10 -08:00
Filip Křepinský
a429797f2e api: add UnhealthyPodEvictionPolicy for PDBs 2022-11-10 23:25:42 +01:00
Patrick Ohly
5cca60f0b8 api: dynamic resource allocation API 
This adds a new resource.k8s.io API group with v1alpha1 as version. It contains
four new types: resource.ResourceClaim, resource.ResourceClass, resource.ResourceClaimTemplate, and
resource.PodScheduling.
 2022-11-10 20:08:24 +01:00
Takafumi Takahashi
87c1ca88d4 Add API and validation for CrossNamespaceVolumeDataSource 2022-11-09 20:58:25 +00:00
Kubernetes Prow Robot
ff19efdf9b
Merge pull request #112744 from pwschuurman/statefulset-slice-impl 
Add implementation of KEP-3335, StatefulSetSlice
 2022-11-09 11:12:28 -08:00
Kubernetes Prow Robot
7e0e0c8ec3
Merge pull request #113360 from mimowo/handling-pod-failures-beta-enable 
Enable the "Retriable and non-retriable pod failures for jobs" feature into beta
 2022-11-09 08:30:24 -08:00
Michal Wozniak
c803892bd8 Enable the feature into beta 2022-11-09 09:02:40 +01:00
lojies
e2a4565a2b cleanup:Omit comparison with boolean constant 2022-11-09 09:54:41 +08:00
Abu Kashem
424b23bb15 apiserver: fix defaulting for apf bootstrap configuration 2022-11-08 13:23:09 -08:00
Peter Schuurman
366997951b Update doc comments and change name of feature gate 2022-11-08 07:48:10 -08:00
Peter Schuurman
7b3d77a41a Adding implementation of KEP-3335, StatefulSetSlice 2022-11-08 07:48:00 -08:00
Jordan Liggitt
fc69084bf1
Update workload selector validation 2022-11-07 20:52:02 -05:00
Manjusaka
0843c4dfca
Add extra value validation for matchExpression field in LabelSelector 2022-11-07 20:48:21 -05:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration 
CEL validation in Admission chain
 2022-11-07 17:08:33 -08:00
Cici Huang
d3f48136d0 Add Authz check to validate policy and binding. 
Co-authored-by: Jiahui Feng <jhf@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2022-11-07 21:29:56 +00:00
Cici Huang
0486e06261 Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control 2022-11-07 20:51:51 +00:00
Kubernetes Prow Robot
0f3ac85d32
Merge pull request #113681 from andrewsykim/fix-node-address-validation 
fix node address validation
 2022-11-07 11:21:00 -08:00
Kubernetes Prow Robot
ac95e5b701
Merge pull request #113510 from alculquicondor/finalizers-stable 
Graduate JobTrackingWithFinalizers to stable
 2022-11-07 08:06:41 -08:00
Andrew Sy Kim
2aee9b26f7 fix node address validation 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-07 10:22:44 -05:00
Aldo Culquicondor
4948918155
Graduate JobTrackingWithFinalizers to stable 
Change-Id: Ifc749a85b1270c0155ac511b91d4681d53236820
 2022-11-04 17:05:53 -04:00
Kubernetes Prow Robot
b20ddbd75a
Merge pull request #113351 from andrewsykim/endpointslice-terminating-ga 
Promote EndpointSliceTerminatingCondition to GA
 2022-11-04 09:36:39 -07:00
kerthcet
04573fb8c9 Add api-side enablement tests for nodeInclusionPolicy when updating 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2022-11-04 15:11:08 +08:00
kerthcet
21dea23f56 Add api-side enablement tests for nodeInclusionPolicy 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2022-11-04 15:11:05 +08:00
Kubernetes Prow Robot
8c77820759
Merge pull request #113274 from Huang-Wei/kep-3521-A 
[KEP-3521] Part 1: New Pod API .spec.schedulingGates
 2022-11-03 21:24:25 -07:00
Andrew Sy Kim
5ca805fdee pkg/registry/discovery: remove references to EndpointSliceTerminatingCondition feature gate when dropping disabled fields 
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
 2022-11-03 20:26:51 -04:00
Wei Huang
7b6293b6b6
APIs, Validation and condition enforcements 
- New API field .spec.schedulingGates
- Validation and drop disabled fields
- Disallow binding a Pod carrying non-nil schedulingGates
- Disallow creating a Pod with non-nil nodeName and non-nil schedulingGates
- Adds a {type:PodScheduled, reason:WaitingForGates} condition if necessary
- New literal SchedulingGated in the STATUS column of `k get pod`
 2022-11-03 14:32:34 -07:00
Andy Voltz
29f4862ed8 Promote ServiceInternalTrafficPolicy to GA 2022-11-03 13:17:03 -04:00
Kubernetes Prow Robot
c98aef484d
Merge pull request #112895 from nokia/kep-1435-GA 
KEP-1435 Mixed Protocol values in LoadBalancer Service GA
 2022-11-03 05:43:35 -07:00
Tim Hockin
0153bfad16
Copy LoadBalancerStatus from core to networking 
This type should never have been shared between Service and Ingress.
The `ports` field is unfortunate, but it is needed to stay compatible.
 2022-11-02 16:13:31 -07:00
Laszlo Janosi
82ce61afc7 KEP-1435 Mixed Protocol values in LoadBalancer Service GA 
Removed the unit tests that test the cases when the MixedProtocolLBService feature flag was false - the feature flag is locked to true with GA
Added an integration test to test whether the API server accepts an LB Service with different protocols.
Added an e2e test to test whether a service which is exposed by a multi-protocol LB Service is accessible via both ports.
Removed the conditional validation that compared the new and the old Service definitions during an update - the feature flag is locked to true with GA.
 2022-11-02 13:44:52 +02:00
Paco Xu
140502af8c add warning for PVC template in statefulset and in pod ephemeral volume source 2022-10-22 09:14:03 +08:00
Paco Xu
0b848bee4e pvc storage request warning for fractional byte value 
- create or update
 2022-10-21 16:15:55 +08:00
Jason Simmons
5a6acf85fa Align lifecycle handlers and probes 
Align the behavior of HTTP-based lifecycle handlers and HTTP-based
probers, converging on the probers implementation. This fixes multiple
deficiencies in the current implementation of lifecycle handlers
surrounding what functionality is available.

The functionality is gated by the features.ConsistentHTTPGetHandlers feature gate.
 2022-10-19 09:51:52 -07:00
Kubernetes Prow Robot
d754183866
Merge pull request #112163 from aojea/static_allocation_ga 
graduate ServiceIPStaticSubrange to GA
 2022-10-14 17:31:18 -07:00
Kubernetes Prow Robot
01019770cf
Merge pull request #112789 from enj/enj/r/kms_load_once_v2 
Load encryption config once (second approach)
 2022-10-13 11:25:02 -07:00
Monis Khan
f507bc2553
Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2022-10-13 10:52:29 -04:00
Kubernetes Prow Robot
525280d285
Merge pull request #112643 from SergeyKanzhelev/removeDynamicKubeletConfig 
remove DynamicKubeletConfig feature gate from the code
 2022-10-12 01:33:00 -07:00
kerthcet
3ac1c4366f Optimize testcases arrangement 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2022-10-08 13:03:21 +08:00
Kubernetes Prow Robot
9720af2ba3
Merge pull request #112306 from tkashem/v1beta3 
add v1beta3 for Priority And Fairness
 2022-10-03 10:06:14 -07:00
Abu Kashem
66fc0d7037
rename assuredConcurrencyShares for flowcontrol v1beta3 2022-09-26 15:34:10 -04:00
Sergey Kanzhelev
39e49a91d7 remove DynamicKubeletConfig feature gate from the code 2022-09-23 23:14:19 +00:00
JunYang
1706de24d2 use klog.InfoS instead of klog.V(0).Info and log structured(registry part) 2022-09-22 14:59:43 +08:00
Abu Kashem
0a99e6ebb1
apiserver: update apf logic to use v1beta3 2022-09-21 18:54:20 -04:00
Abu Kashem
e1a764d635
apiserver: enable v1beta3 for apf 2022-09-21 18:54:19 -04:00
Kubernetes Prow Robot
f6f44bff90
Merge pull request #111708 from yangjunmyfm192085/fixloginfi 
use klog.InfoS instead of klog.V(0).InfoS
 2022-09-19 07:53:18 -07:00
m.nabokikh
00dfba473b Add auth API to get self subject attributes 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2022-09-14 18:00:26 +02:00
Monis Khan
4e68e9b5ad
kms: fix go routine leak in gRPC connection 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2022-09-08 11:46:57 -04:00
Antonio Ojea
c5a07b2e05 graduate ServiceIPStaticSubrange to GA 2022-09-02 07:13:18 +02:00
JunYang
2db4dea565 use klog.InfoS instead of klog.V(0).InfoS 2022-08-25 18:46:34 +08:00