github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,510 Commits 1 Branch 31 Tags 1,019 MiB
9cee586ee9
Commit Graph

3148 Commits

Author SHA1 Message Date
David Ashpole
e5a1f86e0a add apiserver tracing integration test, and fix endpoint validation 2021-07-15 20:56:57 -07:00
Kubernetes Prow Robot
02355e22b3
Merge pull request #103650 from dims/get-golangci-lint-back-on-its-feet 
Get golangci lint back on its feet
 2021-07-15 02:06:48 -07:00
Monis Khan
a6ac42082b
client-go exec: fix metrics related to plugin not found 
These were missed because our tests did not pass in the correct test
data input (the command to execute).

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-14 14:02:23 -04:00
Davanum Srinivas
07332ad398
fix ineffassign and varcheck 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-07-14 08:41:22 -04:00
Andrew Sy Kim
9fa641b9ad test/integration/endpoints: check for pod existencen in TestEndpointWithTerminatingPod 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-12 14:22:34 -04:00
Kubernetes Prow Robot
e0a22acaa0
Merge pull request #103598 from tkashem/integration-test-timeout 
integration test: provide a timeout for /health
 2021-07-12 06:06:47 -07:00
Kubernetes Prow Robot
8ab66dcc4e
Merge pull request #103621 from andrewsykim/integration-test-terminating-endpoints-only 
Ensure Endpoints does not include terminating endpoints going forward
 2021-07-11 11:26:46 -07:00
Tim Allclair
32783f7568 PodSecurity: Initial webhook implementation 2021-07-09 17:04:29 -07:00
Andrew Sy Kim
2878e472ad test/integration/endpoints: improve docs for TestEndpointWithTerminatingPod 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-09 16:45:23 -04:00
Andrew Sy Kim
0aa1b3b0bf test/integration/endpoints: add a test to ensure Endpoints does not include terminating pods 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-09 16:19:57 -04:00
Kubernetes Prow Robot
03fa68099e
Merge pull request #98238 from alculquicondor/job-completion 
Track Job completion through Pod finalizers and status
 2021-07-09 08:42:54 -07:00
Kubernetes Prow Robot
3ccfe94563
Merge pull request #100101 from deads2k/mutated-options 
prevent mutation of deletion options during delete collection
 2021-07-09 07:36:53 -07:00
Abu Kashem
581b088f76
integration test: provide a timeout for /health 2021-07-09 08:38:15 -04:00
Andrew Sy Kim
fd0db61d6c test/intergration/endpointslice: add tests for endpointslice terminating condition 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-08 17:59:11 -04:00
David Eads
649b87aaf8 prevent mutation of deletion options during delete collection 2021-07-08 15:36:10 -04:00
Aldo Culquicondor
2dd2622188 Track Job Pods completion in status 
Through Job.status.uncountedPodUIDs and a Pod finalizer

An annotation marks if a job should be tracked with new behavior

A separate work queue is used to remove finalizers from orphan pods.

Change-Id: I1862e930257a9d1f7f1b2b0a526ed15bc8c248ad
 2021-07-08 17:48:05 +00:00
Kubernetes Prow Robot
1edf50192e
Merge pull request #103536 from mengjiao-liu/clean-master-term-test 
Clean up the remaining master names in test/integration
 2021-07-08 03:05:05 -07:00
Wei Huang
fb9cafc99b
sched: provide an option for plugin developers to move pods to activeQ 2021-07-07 12:50:12 -07:00
Mengjiao Liu
96406b915d Clean up the remaining master names in test/integration 2021-07-07 15:39:59 +08:00
Kubernetes Prow Robot
e1acbbd8fd
Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Kubernetes Prow Robot
cbba6e41cc
Merge pull request #103472 from andrewsykim/deflake-quota-service-test 
test/integration/quota: deflake TestQuotaLimitService
 2021-07-06 12:08:19 -07:00
Kubernetes Prow Robot
3392f16908
Merge pull request #102890 from ankeesler/exec-plugin-v1 
exec credential provider: add v1 struct
 2021-07-06 10:42:31 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Kubernetes Prow Robot
dd8ba30877
Merge pull request #103509 from sanposhiho/test/integration/util/fix-typo 
Fix(test/integration/util): fix typo on logging message
 2021-07-06 09:34:55 -07:00
Kubernetes Prow Robot
907e2c4d46
Merge pull request #103294 from mengjiao-liu/rename-master-package 
test/integration: rename package and files name from master to controlplane
 2021-07-06 09:34:19 -07:00
Andrew Keesler
20e1c4d754
exec credential provider: update tests+metadata for v1 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-07-06 09:48:35 -04:00
Andrew Sy Kim
edbaf9d5d3 test/integration/quota: poll for ResourceQuota used status in TestQuotaLimitService 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Co-authored-by: Antonio Ojea <aojea@redhat.com>
 2021-07-06 07:10:20 -04:00
Andrew Sy Kim
caf42fde43 test/integration/quota: refactor Service forbidden check into helper function 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-06 06:39:26 -04:00
Andrew Sy Kim
54bc1babe1 test/integration/quota: update TestQuotaLimitService to explicitly check for Forbidden status when quota limit is exceeded 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-06 06:39:26 -04:00
Andrew Sy Kim
87cef2ca73 test/integration/quota: deflake TestQuotaLimitService by collapsing test 
cases and adding a short delay for resource quota to propagate

Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-07-06 06:39:26 -04:00
Kensei Nakada
a85f3e4cce
Fix(test/integration/util): fix typo on logging message 2021-07-06 17:08:11 +09:00
Hanlin Shi
c96c809539 Add integration test for LB node port control 
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
 2021-07-02 21:58:49 +00:00
Kubernetes Prow Robot
defcc916ed
Merge pull request #103382 from liggitt/podsecurity-hostprocess 
[PodSecurity] hostProcess baseline check
 2021-07-02 01:16:24 -07:00
Kubernetes Prow Robot
659c7e709f
Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
62503f254e
Merge pull request #103413 from mgutierrez98/refactor-whitelist-blacklist 
Refactored files containing whitelist/blacklist to allowlist/denylist…
 2021-07-01 18:12:25 -07:00
mgutierrez98
1cfbb0aa25 remove webhook.go to revert changes to conformance test 2021-07-01 20:24:46 +00:00
Jordan Liggitt
49d31c45b1 PodSecurity: baseline hostProcess check 2021-07-01 15:49:33 -04:00
Jordan Liggitt
ba6b4c5a18 PodSecurity: test GA-only cases and alpha/beta fields separately 2021-06-30 22:08:11 -04:00
Anish Ramasekar
5bd3334ad6
[PodSecurity] Add privileged containers baseline check 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2021-06-30 16:39:28 -04:00
Kubernetes Prow Robot
3d87fd6a9a
Merge pull request #103273 from XudongLiuHarold/fix-loadbalancerclass-test-name 
fix loadbalancerclass integration test funcation name
 2021-06-29 05:40:41 -07:00
Mengjiao Liu
8e4212c01a test/integration: rename package and files name from master to controlplane in test/integration 2021-06-29 17:21:29 +08:00
Harold
477aef192f fix loadbalancerclass integration test funcation name 2021-06-28 20:07:02 -07:00
Jordan Liggitt
42dc070b47 PodSecurity: kube-apiserver integration test 2021-06-28 17:45:36 -04:00
Antonio Ojea
2eb50ee2fd fix comment on dual-stack integration test 2021-06-25 23:24:49 +02:00
Kubernetes Prow Robot
e19dc07ac5
Merge pull request #102898 from khenidak/fix-prefer-dualstack 
fix auto upgraded preferDual-Stack services (in cluster upgrade)
 2021-06-25 10:58:08 -07:00
Kubernetes Prow Robot
9254610765
Merge pull request #103129 from XudongLiuHarold/service-loadbalancer-class-e2e 
Promote loadbalancerclass feature to beta
 2021-06-25 09:48:57 -07:00
Xudong Liu
fe161579e2 Add integration test to promote serviceloadbalancerclass feature to beta. 2021-06-24 17:30:17 -07:00
Kubernetes Prow Robot
73eac7ae66
Merge pull request #102986 from mengjiao-liu/rename-master 
Rename master to apiserver in test/integration
 2021-06-24 05:41:41 -07:00
Khaled (Kal) Henidak
58a83ecbdb integeration tests 2021-06-22 17:40:21 +00:00