Commit Graph

1783 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
1c8f2c3d77
Merge pull request #100753 from johnSchnake/newCustomRegistries
Clean up and make more image handling consistent
2021-05-12 22:10:24 -07:00
Stephen Augustus
5b530da51f [go1.16] Update to go1.16.4
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-05-07 15:47:54 -04:00
Kubernetes Prow Robot
44e7d15885
Merge pull request #100592 from claudiubelu/pause-image-kube-cross-update
pause image: Uses kube-cross image to build Windows binaries
2021-05-06 12:04:00 -07:00
John Schnake
0adf70b61b Clean up and make more image handling consistent
- Cleans up some of the image registry handling by
initializing values in a more consistent and clear
manner.

- Adds the Docker library registry to the list of
values that is override-able.

- Adds a few branches to logic to ensure each registry
is handled the same.
2021-05-05 21:08:29 -05:00
Michael Taufen
b33cd86a27 Update tests to use agnhost 2.32
Updates e2e tests to use agnhost 2.32, which fixes an issue with the
conformance tests for ServiceAccountIssuerDiscovery.

Original fix: https://github.com/kubernetes/kubernetes/pull/101589

Image promotion: https://github.com/kubernetes/k8s.io/pull/1994
2021-05-03 14:23:46 -07:00
Michael Taufen
0b3b99c096 Try both in-cluster and external discovery
The conformance test for ServiceAccountIssuerDiscovery is currently
configured with --in-cluster-discovery, which only supports token
validation against in-cluster endpoints. Many cloud providers provide
their own, external endpoints for OIDC discovery, and because the iss
claim in tokens will point to these endpoints, but the client in this
test only trusts the Cluster CA, it will fail to connect to the external
discovery endpoints when validating the token.

To ensure that the conformance test at least supports the scenario where
both the discovery doc endpoint and JWKS endpoint are cluster-local and
the scenario where both endpoints are cluster-external, this PR has the
test try both and requires at least one to pass.

Caveat: The test still won't support a configuration where one
endpoint is cluster-local and the other is external. We don't yet have
evidence that this is a configuration that is used in practice, so this
initial hotfix will at least fix the conformance test for the "both
external" configuration we know providers already use. Note that if one
endpoint is cluster-local, and the other is cluster-external, tokens can
still only be validated in-cluster, because both endpoints must be
accessible to Relying Parties that validate tokens.
2021-04-29 08:56:02 -07:00
Claudiu Belu
b53958342d pause image: Uses kube-cross image to build windows binaries
kube-cross:v1.16.3-1 contains x86_64-w64-mingw32, which will allow us to
build Windows binaries. With this, we won't have to rely on the dockerhub
image dockcross/windows-static-x64.
2021-04-26 14:33:06 +00:00
Kubernetes Prow Robot
425e33bd50
Merge pull request #101100 from springasa/springasa-patch-1
Simplify the repeat lines in build/root/Makefile
2021-04-18 11:16:35 -07:00
Stephen Augustus
fac97f8a9b [go1.16] Update to go1.16.3
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-04-16 19:56:51 -04:00
Kubernetes Prow Robot
3ed71cf190
Merge pull request #100976 from jindijamie/master
releng: Update debian-base and debian-iptables to buster-v1.6.0 to patch base image CVEs
2021-04-16 12:56:34 -07:00
sure freeing go
fa774535eb
Simplify the repeat lines in build/root/Makefile 2021-04-14 17:33:51 +08:00
jindijamie
f44116ce49
Update dependencies.yaml 2021-04-12 14:31:36 -07:00
jindijamie
7e7a6284be update debian-base to buster-v1.5.0 for CVEs 2021-04-09 19:27:10 +00:00
Sascha Grunert
33e0e035ea
Update cri-tools to v1.21.0
This updates crictl to the latest available release.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-04-09 11:05:13 +02:00
Kubernetes Prow Robot
e49ba9dff6
Merge pull request #99740 from aramprice/make-kube-cross-image-registry-name-configurable
Add docs for KUBE_BASE_IMAGE_REGISTRY, update code comment
2021-04-08 15:59:26 -07:00
Davanum Srinivas
57ddfb7314
Switch to newer agnhost image
We have an update to the image in
f9aaf71ccb, we need to bump to use this
image.

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2021-03-30 20:15:36 -04:00
Andrey Smirnov
f9aaf71ccb test/e2e: fix the OIDC discovery test with ECDSA service account key
By default oidc library enables only `RS256` signature validation
method.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2021-03-30 22:58:50 +03:00
Adolfo García Veytia (Puerco)
999a1f5c76 Add KUBE_BUILD_CONFORMANCE on package-tarballs target
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
2021-03-25 18:20:36 -06:00
Ernest Wong
42011ecfe4
test image: bump agnhost version to 2.30
Signed-off-by: Ernest Wong <chuwon@microsoft.com>
2021-03-19 11:12:45 -07:00
Kubernetes Prow Robot
72cc3f2112
Merge pull request #99860 from chewong/fix-99470
agnhost: resolve service account issuer URL before invoking oidc.NewProvider
2021-03-16 14:49:30 -07:00
Kubernetes Prow Robot
2a26f276a8
Merge pull request #97963 from saschagrunert/pause-non-root
Run pause image as non-root user and group
2021-03-16 05:30:36 -07:00
Ernest Wong
573535691b
agnhost: resolve service account issuer URL before invoking oidc.NewProvider
Signed-off-by: Ernest Wong <chuwon@microsoft.com>
2021-03-15 19:14:14 -07:00
Sascha Grunert
273fdd7686
Build conformance issue when building via cross or cross-in-a-container
This enables building the conformance image when running `make
cross-in-a-container`, which is being used by the release engineering
tooling.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-03-15 15:29:04 +01:00
aram price
c4bae5658f Update build/README.md and build/root/Makefile
* build/README.md includes info about KUBE_BASE_IMAGE_REGISTRY
* build/root/Makefile contains the correct default value for KUBE_BASE_IMAGE_REGISTRY
2021-03-12 14:21:56 -08:00
Kubernetes Prow Robot
7139f08763
Merge pull request #99592 from Joseph-Goergen/fix-buildimage-dockerfile
Fixed the Dockerfile for the build-image to build from KUBE_BASE_IMAGE_REGISTRY
2021-03-11 15:02:18 -08:00
Sascha Grunert
aad711f399
Run pause image as non-root user and group
We now build the pause image to use a pseudo user and group 65535:65535.
This increases the security aspect of the container image, if a
vulnerability would directly affect the pause container.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2021-03-11 09:29:45 +01:00
Kubernetes Prow Robot
91a7be0c2f
Merge pull request #98884 from fedepaol/hostnetworkudp
Network Tests: bind host network udp listeners to hostIPs
2021-03-11 00:18:24 -08:00
Stephen Augustus
13ef775df2 [go1.16] Update to go1.16.1
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-03-10 19:06:57 -05:00
Joseph Goergen
4d440889ff Fixed the Dockerfile for the build-image to build from KUBE_BASE_IMAGE_REGISTRY
related: https://github.ibm.com/alchemy-containers/armada-update/issues/1791
2021-03-10 16:07:51 -06:00
Benjamin Elder
b85bc6013f support additional WHAT= when building release-images / quick-release-images 2021-03-09 15:52:53 -08:00
Federico Paolinelli
b69bc865b4 Bump up the agnhost version used
This is needed to consume the changes in https://github.com/kubernetes/kubernetes/pull/98883

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
2021-03-09 18:39:31 +01:00
Kubernetes Prow Robot
2d3acce39b
Merge pull request #99752 from pacoxu/coredns/promote
update cluster/dns/coredns to 1.8.0 as kubeadm
2021-03-08 12:07:28 -08:00
Benjamin Elder
aaa9280955 drop bazel from build/README.md 2021-03-07 15:27:44 -08:00
Benjamin Elder
b7f1cf7683 remove bazel from the makefile 2021-03-07 13:01:17 -08:00
Federico Paolinelli
f6451c93b1 Bump up agnhost version to 2.29
This is to consume the changes for binding the udp listeners of netexec
to specific addresses.

Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>
2021-03-05 10:49:09 +01:00
pacoxu
2185bb40d5 update cluster/dns/coredns to 1.8.0 as kubeadm 2021-03-05 09:38:15 +08:00
Kubernetes Prow Robot
9658145f8a
Merge pull request #99655 from liggitt/min-go-version
Update go version check to 1.16+
2021-03-03 20:13:59 -08:00
Stephen Augustus
093967606b hack/tools: Update zeitgeist to v0.2.0 to drop import cycle
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-03-03 05:42:05 -05:00
Jordan Liggitt
5e9189289e Update go version check to 1.16+ 2021-03-02 15:11:46 -05:00
Lubomir I. Ivanov
33aa64d7fd build/dependencies.yaml: update Docker to 20.10 2021-03-02 21:41:18 +02:00
Stephen Augustus
ee500e0647 [go1.16] Use go-runner:v2.3.1-go1.16-buster.0 image
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-03-02 00:38:00 -05:00
Stephen Augustus
274133fe11 [go1.16] Update to go1.16
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-03-02 00:38:00 -05:00
Benjamin Elder
603c942e41 drop directories that only contained bazel-related sources 2021-02-28 15:17:30 -08:00
Benjamin Elder
b1b2f239fe remove bazel related entries in build/dependencies.yaml 2021-02-28 15:17:30 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Kubernetes Prow Robot
5491484aa9
Merge pull request #99386 from BenTheElder/conformance-on-release
don't default to building conformance image for fastbuilds (quick-rel…
2021-02-26 14:50:46 -08:00
Jake Sanders
4b83c760a9 Split the setcap image from the base images, make them easier to override 2021-02-24 12:49:08 -08:00
Kubernetes Prow Robot
d25986b8a6
Merge pull request #99379 from vinayakankugoyal/kappa
Make the registry for the server-images templated in the Dockerfiles.
2021-02-23 18:27:07 -08:00
Benjamin Elder
a3a650f246 don't default to building conformance image for fastbuilds (quick-release)
continue defaulting to building it for release builds
2021-02-23 17:41:27 -08:00
Vinayak Goyal
b4c330ab72 Make the registry for the server-images templated in the Dockerfiles. 2021-02-23 13:40:13 -08:00