This allows the state of restartable init containers to be transitioned
from terminated to non-terminated even for pods with RestartPolicyNever
or RestartPolicyOnFailure.
Inline the LoadBalancerSourceRanges parsing to make it more obvious
what it's requiring (and more importantly, *not* requiring), and
change it to use IsValidCIDR as well.
In preparation for rewriting LoadBalancerSourceRanges validation,
add/update the existing unit tests to cover some of the more exciting
edge cases of the existing validation code:
- The values in service.Spec.LoadBalancerSourceRanges are allowed to
have arbitrary whitespace around them.
- The annotation must be unset for non-LoadBalancer services, but
for LoadBalancer services, "set but empty" and "whitespace-only"
are treated the same as "unset".
- The annotation value is only validated if the field is not set.
Also fix some of the existing tests to be more precise about what they
are testing.
Also fix the CIDR values to actually be valid. Sigh.
Move apivalidation.ValidateCIDR to apimachinery, and rename it and
change its return value to match the other functions.
Also, add unit tests.
(Also, while updating NetworkPolicy validation for the API change, fix
a variable name that implied that IPBlock.Except[] is IP-valued rather
than CIDR-valued.)
This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespaced-scoped TrustBundle object, which came up during
KEP discussion.
* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the project must specify a
name and path.
* Add TODO covering admission control to forbid mirror pods from using
the projection.
Part of KEP-3257.
When defining a ClusterIP Service, we can specify externalIP, and the
traffic policy of externalIP is subject to externalTrafficPolicy.
However, the policy can't be set when type is not NodePort or
LoadBalancer, and will default to Cluster when kube-proxy processes the
Service.
This commit updates the defaulting and validation of Service to allow
specifying ExternalTrafficPolicy for ClusterIP Services with
ExternalIPs.
Signed-off-by: Quan Tian <qtian@vmware.com>
