github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
108,882 Commits 1 Branch 31 Tags 1,019 MiB
a0d6a49b12
Commit Graph

3138 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
18b5efceda
Merge pull request #110410 from Jiawei0227/master 
CSIMigration feature gate to GA
 2022-06-22 04:05:48 -07:00
wangyysde
ab66a38194 PodSecurity: promote config and feature gate to GA 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2022-06-15 09:29:47 +08:00
Jiawei Wang
760365d5c9 CSIMigration feature gate to GA 2022-06-06 21:19:19 +00:00
Wojciech Tyczyński
f8211d7e44 Fix ResourceQuota admission shutdown 2022-05-23 12:34:50 +02:00
Jordan Liggitt
410ac59c0d Remove PodSecurityPolicy admission plugin 2022-05-04 16:00:56 -04:00
James Laverack
7d57d5c70d Revert "Introduce APIs to support multiple ClusterCIDRs (#108290)" 
This reverts commit b9792a9dae.
 2022-04-13 13:58:19 +01:00
Sarvesh Rangnekar
b9792a9dae
Introduce APIs to support multiple ClusterCIDRs (#108290) 
* Introduce networking/v1alpha1 api, ClusterCIDRConfig type

Introduce networking/v1alpha1 api group.

Add `ClusterCIDRConfig` type to networking/v1alpha1 api group, this type
will enable the NodeIPAM controller to support multiple ClusterCIDRs.

* Change ClusterCIDRConfig.NodeSelector type in api

* Fix review comments for API

* Update ClusterCIDRConfig API Spec

Introduce PerNodeHostBits field, remove PerNodeMaskSize
 2022-03-30 19:39:00 -07:00
Tim Allclair
bdebc62d49 Don't add audit annotations directly to the audit event 2022-03-28 17:03:53 -07:00
Kubernetes Prow Robot
c239b406f0
Merge pull request #108929 from gnufied/move-expansion-feature-gate-ga 
Move all volume expansion feature gates to GA
 2022-03-25 18:08:16 -07:00
Kubernetes Prow Robot
d60df5ba04
Merge pull request #108159 from pohly/logcheck 
logcheck update and golangci-lint integration
 2022-03-24 18:37:50 -07:00
Kubernetes Prow Robot
df790a5b06
Merge pull request #108738 from deads2k/add-eviction 
allow namespace editors to evict pods
 2022-03-24 12:18:41 -07:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
Patrick Ohly
edffc700a4 enhance and fix log calls 
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:

- Logging a message only above a certain verbosity threshold without
  recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
  this matters when using a logging backend which records the verbosity
  level.

- Passing a format string with parameters to a logging function that
  doesn't do string formatting.

All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.

In some cases it reports false positives, but those can be suppressed with
source code comments.
 2022-03-24 11:13:50 +01:00
Kubernetes Prow Robot
2d46f1bc30
Merge pull request #103062 from ikeeip/component_helper_storage 
Move volume helpers to "k8s.io/component-helpers/storage/volume".
 2022-03-23 13:21:20 -07:00
Kubernetes Prow Robot
24a71990e0
Merge pull request #108445 from pohly/storage-capacity-ga 
storage capacity GA
 2022-03-23 08:06:21 -07:00
Monis Khan
fef7d0ef1e
webhook: use rest.Config instead of kubeconfig file as input 
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file.  This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format.  This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-17 20:47:42 -04:00
Paco Xu
acd696266e mark PodOverhead to GA in v1.24; remove in v1.26 2022-03-17 09:30:14 +08:00
David Eads
a5d3e6cd83 allow namespace editors to evict pods 2022-03-16 11:52:56 -04:00
Konstantin Misyutin
1d7cefe9c4 Move volume helpers to "k8s.io/component-helpers/storage/volume". 
This patch aims to simplify decoupling "pkg/scheduler/framework/plugins"
from internal "k8s.io/kubernetes" packages. More described in
issue #89930 and PR #102953.

Some helpers from "k8s.io/kubernetes/pkg/controller/volume/persistentvolume"
package moved to "k8s.io/component-helpers/storage/volume" package:

- IsDelayBindingMode
- GetBindVolumeToClaim
- IsVolumeBoundToClaim
- FindMatchingVolume
- CheckVolumeModeMismatches
- CheckAccessModes
- GetVolumeNodeAffinity

Also "CheckNodeAffinity" from "k8s.io/kubernetes/pkg/volume/util"
package moved to "k8s.io/component-helpers/storage/volume" package
to prevent diamond dependency conflict.

Signed-off-by: Konstantin Misyutin <konstantin.misyutin@huawei.com>
 2022-03-16 15:43:09 +08:00
Patrick Ohly
3a7deaa141 storage capacity: GA, always enabled, remove feature check 
The code and tests for scenarios where the feature is disabled are no longer
needed because the feature is graduating to GA.
 2022-03-14 20:05:45 +01:00
Kubernetes Prow Robot
7c6f09e4b0
Merge pull request #106565 from kerthcet/feature/addd-several-testcases-to-cover-priority-admission 
add several testcases to cover PriorityClass admission veeifications
 2022-03-03 10:43:48 -08:00
Kubernetes Prow Robot
85c43df3f6
Merge pull request #104244 from dgrisonnet/bootstrap-hpa-external-metrics 
Add bootstrap policy for HPA external metrics
 2022-03-03 08:43:48 -08:00
Kubernetes Prow Robot
effff78a1f
Merge pull request #107744 from Shubham82/Adding_logs-node_authorizer 
Added Logs Statement for a Pod in graph_populator.
 2022-02-28 16:07:58 -08:00
Shubham Kuchhal
cdfbcf94fc Recording the Duration. 2022-02-25 13:20:01 +05:30
Shubham Kuchhal
54fb058cfb Added timestamp and verbosity value to V(5). 2022-02-24 18:33:00 +05:30
Kubernetes Prow Robot
e74c42aaf2
Merge pull request #107880 from liggitt/kubectl-auth-token 
Add command to request a bound service account token
 2022-02-09 14:10:01 -08:00
Jordan Liggitt
42c93b058e Add service account token request permissions to edit and admin clusterroles 2022-02-09 14:05:53 -05:00
Kubernetes Prow Robot
24e5d1fdb7
Merge pull request #107432 from denkensk/graduate-nonpreemptingpriority-to-ga 
Graduate NonPreemptingPriority to GA
 2022-02-08 11:05:03 -08:00
Alex Wang
541907334e graduate nonpreemptingpriority to ga 2022-02-08 18:11:23 +08:00
Shubham Kuchhal
831a8eed68 Added Logs Statement for a Pod in graph_populator. 2022-01-25 14:11:56 +05:30
Hemant Kumar
4d956f053a Fix bug with node restriction blocking pvc.status.resizestatus change 2022-01-21 10:03:26 -05:00
Davanum Srinivas
9682b7248f
OWNERS cleanup - Jan 2021 Week 1 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-01-10 08:14:29 -05:00
Kubernetes Prow Robot
31898fc504
Merge pull request #101856 from prateekpandey14/fix-staticcheck 
fix static check of importing the same package multiple times
 2022-01-05 14:55:47 -08:00
Davanum Srinivas
497e9c1971
Cleanup OWNERS files (No Activity in the last year) 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-15 10:34:02 -05:00
prateekpandey14
f9cf14f3f6 fix static check of importing the same package multiple times 
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
 2021-12-14 11:06:44 +05:30
Davanum Srinivas
9405e9b55e
Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-12-09 21:31:26 -05:00
Kubernetes Prow Robot
39b45fb040
Merge pull request #106381 from dims/update-dims-as-approver 
Update `dims` as approver for some top level dirs
 2021-12-07 17:26:48 -08:00
kerthcet
cc999f69e7 add several testcases to cover PriorityClass admission veeifications 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2021-11-20 15:12:09 +08:00
Matthew Cary
bce87a3e4f controller change for statefulset auto-delete (implementation) 2021-11-17 16:48:50 -08:00
Davanum Srinivas
b956055771
Update dims as approver for some top level dirs 
- `staging`
- `plugin`
- `pkg`
- `cmd`

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-11-12 08:50:24 -05:00
Konstantin Misyutin
808c8f42d5 Remove StorageObjectInUseProtection feature gate logic 
This feature has graduated to GA in v1.11 and will always be
enabled. So no longe need to check if enabled.

Signed-off-by: Konstantin Misyutin <konstantin.misyutin@huawei.com>
 2021-11-03 00:13:50 +03:00
Jordan Liggitt
1bff65e6f8 PodSecurity: benchmark large numbers of owned pods 2021-11-02 08:43:27 -04:00
Tim Allclair
6c273020d3 [PodSecurity] Avoid the LegcayRegistry for metrics serving 2021-11-01 14:23:00 -07:00
Tim Allclair
e46928c0b1 [PodSecurity] Fix up metrics & add tests 
Update pod security metrics to match the spec in the KEP.
 2021-11-01 14:11:19 -07:00
Kubernetes Prow Robot
c592bd40f2
Merge pull request #105609 from pohly/generic-ephemeral-volume-ga 
generic ephemeral volume GA
 2021-10-28 17:36:50 -07:00
Alkaid
ae9ca48f01
[PodSecurity] Implement metricRecorder for admission (#104217) 
* init

Signed-off-by: jyz0309 <45495947@qq.com>

go fmt

Signed-off-by: jyz0309 <45495947@qq.com>

remove useless code

Signed-off-by: jyz0309 <45495947@qq.com>

add metrics.Attributes interface

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

go fmt code

Signed-off-by: jyz0309 <45495947@qq.com>

resolve import cycle

Signed-off-by: jyz0309 <45495947@qq.com>

fix comment

Signed-off-by: jyz0309 <45495947@qq.com>

fix lints

Signed-off-by: jyz0309 <45495947@qq.com>

fix build error

Signed-off-by: jyz0309 <45495947@qq.com>

fix test

Signed-off-by: jyz0309 <45495947@qq.com>

try

Signed-off-by: jyz0309 <45495947@qq.com>

* try to compare version

Signed-off-by: jyz0309 <45495947@qq.com>

fix conflict

Signed-off-by: jyz0309 <45495947@qq.com>

remove unuse change

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* fix import error

Signed-off-by: jyz0309 <45495947@qq.com>

fix import

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* format code

Signed-off-by: jyz0309 <45495947@qq.com>

* remove exempt and error record

Signed-off-by: jyz0309 <45495947@qq.com>

* ignore pod

Signed-off-by: jyz0309 <45495947@qq.com>

* add decision default value

Signed-off-by: jyz0309 <45495947@qq.com>

* address comment

Signed-off-by: jyz0309 <45495947@qq.com>

* remore useless import

Signed-off-by: jyz0309 <45495947@qq.com>

* remove policy vaild check

Signed-off-by: jyz0309 <45495947@qq.com>

use init to register metric

Signed-off-by: jyz0309 <45495947@qq.com>

fix test

Signed-off-by: jyz0309 <45495947@qq.com>

remove check

Signed-off-by: jyz0309 <45495947@qq.com>

remove blank line

Signed-off-by: jyz0309 <45495947@qq.com>

add allowedImports

Signed-off-by: jyz0309 <45495947@qq.com>

Add mock recorder

Signed-off-by: jyz0309 <45495947@qq.com>

format code

Signed-off-by: jyz0309 <45495947@qq.com>

separe record into 3 function

Signed-off-by: jyz0309 <45495947@qq.com>

* fix comment

Signed-off-by: jyz0309 <45495947@qq.com>
 2021-10-20 20:02:08 -07:00
Patrick Ohly
a8c930ef46 generic ephemeral volume: graduation to GA 
The feature gate gets locked to "true", with the goal to remove it in two
releases.

All code now can assume that the feature is enabled. Tests for "feature
disabled" are no longer needed and get removed.

Some code wasn't using the new helper functions yet. That gets changed while
touching those lines.
 2021-10-11 20:54:20 +02:00
Patrick Ohly
466dcdfcf6 auth: use generic ephemeral volume helper functions 
The name concatenation and ownership check were originally considered small
enough to not warrant dedicated functions, but the intent of the code is more
readable with them.
 2021-10-11 17:33:57 +02:00
Sahil Vazirani
3988405c8d
GA TTLAfterFinish 2021-10-07 16:58:50 -07:00
Jordan Liggitt
77d65dca44 PodSecurity: add namespace update verify benchmark 2021-10-04 12:26:30 -04:00