github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,324 Commits 1 Branch 31 Tags
995278c9fbb80cb15136c68970b384cc91030397
Commit Graph

13709 Commits

Author SHA1 Message Date
Harry Zhang
a3f57886a2 fix CleanScope so we can resolve correct verb for apiserver_request_terminations_total 2021-07-07 19:07:49 -07:00
Samuel Roth
a6b30e9629 podsecurity: added ValidatePodSecurityConfiguration 2021-07-07 21:59:05 -04:00
Li Bo
c3d9b10ca8 feature: support Memory QoS for cgroups v2 2021-07-08 09:26:46 +08:00
Kubernetes Prow Robot
075ce33452 Merge pull request #103487 from novahe/fix/fixture-data-race 
client-go: fix fixture data race
 2021-07-07 17:05:48 -07:00
Kubernetes Prow Robot
7bfd0b0503 Merge pull request #103467 from thockin/svc-alloc-lb-nodeports-bug 
Fix small bug with AllocateLoadBalancerNodePorts
 2021-07-07 17:05:40 -07:00
Kubernetes Prow Robot
10ba908d74 Merge pull request #103419 from natasha41575/upgradeKust4.2 
Upgrade kustomize-in-kubectl to v4.2.0
 2021-07-07 17:05:31 -07:00
Kubernetes Prow Robot
8e56a34195 Merge pull request #102966 from SergeyKanzhelev/deprecateDynamicKubeletConfig 
deprecate and disable by default DynamicKubeletConfig feature flag
 2021-07-07 17:05:15 -07:00
Kubernetes Prow Robot
785d9f028a Merge pull request #102188 from alculquicondor/fasterselector 
Improve slice allocation in LabelSelectorAsSelector
 2021-07-07 17:05:06 -07:00
Kubernetes Prow Robot
e3234f3d6b Merge pull request #101604 from pacoxu/tuning-grpc 
use PermitWithoutStream=true for etcd: send pings even without active stream
 2021-07-07 17:04:53 -07:00
Kubernetes Prow Robot
a392ca0f25 Merge pull request #103543 from liggitt/implement-check_dropCapabilities.go 
Implement check drop capabilities.go
 2021-07-07 14:20:23 -07:00
Kubernetes Prow Robot
d7123a6524 Merge pull request #103537 from wojtek-t/pf_chunking_refactor 
Avoid code duplication in watchcache
 2021-07-07 12:40:42 -07:00
Kubernetes Prow Robot
ac554af79b Merge pull request #103142 from serathius/etcd-3.5.0 
Upgrade etcd to 3.5.0
 2021-07-07 12:40:22 -07:00
atiratree
33e6ebc8f8 update translations 2021-07-07 20:16:09 +02:00
Kubernetes Prow Robot
006d5b8539 Merge pull request #103524 from bergerhoffer/help-text-updates 
Minor adjustments to descriptions and example text
 2021-07-07 10:44:12 -07:00
Kubernetes Prow Robot
b93cd81609 Merge pull request #103481 from wojtek-t/pf_watch_tracker 
Add watch tracker to APF for request cost estimation
 2021-07-07 10:44:06 -07:00
Kubernetes Prow Robot
20be00980c Merge pull request #103232 from astraw99/fix_delete_nil_pointer 
Fix delete nil pointer panic
 2021-07-07 10:43:41 -07:00
Jordan Liggitt
6408f3dffc Update generated files 2021-07-07 12:02:21 -04:00
Jordan Liggitt
250f47a45c Rename to capabilities_restricted 2021-07-07 12:02:21 -04:00
Jordan Liggitt
08608a24f1 Update dropCapabilities check/fixtures 2021-07-07 12:02:12 -04:00
Kubernetes Prow Robot
657c6fe033 Merge pull request #103407 from brianpursley/visit-order-tests 
Added unit tests for ExpandPathsToFileVisitors
 2021-07-07 08:57:08 -07:00
Kubernetes Prow Robot
eaba61b4de Merge pull request #103276 from NetApp/data-source-ref 
Add DataSourceRef field to PVC spec
 2021-07-07 08:56:44 -07:00
novahe
ce257266aa client-go: copying object to fix data race (#103148) 2021-07-07 23:44:14 +08:00
mgutierrez98
a8793dcb3e Implement check_dropAllCapabilities.go and test/fixtures_dropAllCapabilities.go 2021-07-07 09:41:15 -04:00
Andrea Hoffer
6b736f3484 Minor adjustments to descriptions and example text 2021-07-07 08:27:51 -04:00
wojtekt
cea1dcfeed Add watch tracker to APF for request cost estimation 2021-07-07 11:05:30 +02:00
wojtekt
2df05df698 Avoid code duplication in watchcache 2021-07-07 09:41:28 +02:00
wojtekt
7f1c4977d7 Refinements to pick queue logic in P&F 2021-07-07 08:58:49 +02:00
Kubernetes Prow Robot
ec39cc2eaf Merge pull request #103507 from CaoDonghui123/updateurl 
update  kubectl url
 2021-07-06 23:56:43 -07:00
Kubernetes Prow Robot
72f28fb8b3 Merge pull request #103445 from tallclair/podsecurity-attrs 
Move pod-security-admission to an external Attributes interface
 2021-07-06 22:11:39 -07:00
Samuel Roth
9e87082b85 [Pod Security] Baseline + restricted policy checks for seccomp (#103341) 
* podsecurity: add seccomp policy checks

* podsecurity: generated seccomp fixtures
 2021-07-06 22:11:28 -07:00
Kubernetes Prow Robot
561959f682 Merge pull request #102823 from ehashman/kep-2400-swap 
Alpha node swap support
 2021-07-06 22:11:11 -07:00
Kubernetes Prow Robot
99f77725c8 Merge pull request #102677 from yuzhiquan/deprecated-warning-for-drain 
Deprecated message for ignore-errors flag
 2021-07-06 22:11:03 -07:00
Kubernetes Prow Robot
60475ee5c2 Merge pull request #102181 from enj/enj/i/deprecate_gcp_azure 
Deprecate azure and gcp in-tree auth plugins
 2021-07-06 22:10:55 -07:00
Kubernetes Prow Robot
7df432f78f Merge pull request #99582 from chendave/fix_config 
custom plugin config should take precedence over default plugin config
 2021-07-06 22:10:43 -07:00
astraw99
af19d7f415 fix delete nil pointer panic 2021-07-07 12:45:13 +08:00
Kubernetes Prow Robot
1affd894cf Merge pull request #98431 from wawa0210/fix-98253 
fix kubectl alpha debug node does not work on tainted(NoExecute) nodes
 2021-07-06 21:04:42 -07:00
Kubernetes Prow Robot
e1acbbd8fd Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Ben Swartzlander
00dba76918 Add DataSourceRef field to PVC spec 
Modify the behavior of the AnyVolumeDataSource alpha feature gate to enable
a new field, DataSourceRef, rather than modifying the behavior of the
existing DataSource field. This allows addition Volume Populators in a way
that doesn't risk breaking backwards compatibility, although it will
result in eventually deprecating the DataSource field.
 2021-07-06 21:17:41 -04:00
Tim Hockin
eae4a19bd3 Fix small bug with AllocateLoadBalancerNodePorts 
If the user specified a port, DO reserve it, even if they asked you not
to allocate new ports.
 2021-07-06 16:36:51 -07:00
Kubernetes Prow Robot
ca0c8275b4 Merge pull request #103484 from wojtek-t/pf_queue_picker 
Update the logic to pick the best queue in P&F
 2021-07-06 16:22:22 -07:00
Tim Allclair
cf6ba6096f Move pod-security-admission to an external Attributes interface 2021-07-06 15:15:15 -07:00
Monis Khan
6bfaeaf916 Deprecate azure and gcp in-tree auth plugins 
With the client-go credential plugin functionality going GA in 1.22,
it is now time to deprecate these legacy integrations.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-06 17:18:25 -04:00
Kubernetes Prow Robot
59e5b849c9 Merge pull request #103517 from liggitt/podsecurity-fixture-cleanup 
Podsecurity fixture cleanup
 2021-07-06 13:16:31 -07:00
wojtekt
0ecc7ba311 Update the logic to pick the best queue in P&F 2021-07-06 20:25:38 +02:00
Kubernetes Prow Robot
eae87bfe7e Merge pull request #103483 from odinuge/revert-102508-runc-1.0 
Revert "Update runc to 1.0.0"
 2021-07-06 10:42:56 -07:00
Kubernetes Prow Robot
6fc7dd5137 Merge pull request #103292 from verb/1.22-kubectl-debug-compat 
Add backwards compatibility for ephemeral containers in kubectl debug
 2021-07-06 10:42:39 -07:00
Kubernetes Prow Robot
3392f16908 Merge pull request #102890 from ankeesler/exec-plugin-v1 
exec credential provider: add v1 struct
 2021-07-06 10:42:31 -07:00
Kubernetes Prow Robot
ea3bcbc205 Merge pull request #101946 from chendave/balance_allocation 
Support extended resource in NodeResourcesBalancedAllocation plugin
 2021-07-06 10:42:19 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Jordan Liggitt
2220fc6149 PodSecurity: clean up unnecessary passing fixtures 2021-07-06 12:44:00 -04:00