github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,061 Commits 1 Branch 31 Tags 1,019 MiB
acb43c7c4a
Commit Graph

1080 Commits

Author SHA1 Message Date
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Tim Hockin
819ff9b087
Use topology labels instead of old beta names (#96033) 
* Rename const for topology.../zone

* Rename const for topology.../region

* Rename const for failure-domain.../zone

* Rename const for failure-domain.../region

* Restore old names for compat
 2020-11-05 20:26:50 -08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
cici37
95acec5a3b Move client_builder to k8s.io/controller-manager 2020-10-19 14:48:22 -07:00
shuang zhang
f0ea54070b Replace AreLabelsInWhiteList with isSubset 2020-10-05 22:07:47 +08:00
Kubernetes Prow Robot
ccfdc09f35
Merge pull request #91683 from tedyu/mirror-pod-owner-ref 
Mirror pod without OwnerReference should not be created
 2020-09-25 11:02:48 -07:00
Kubernetes Prow Robot
e7b9453972
Merge pull request #93537 from timuthy/enhancement.move-resourcequota 
Move ResourceQuota admission to k8s.io/apiserver lib
 2020-09-15 12:26:58 -07:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Tim Usner
70d440bc7e Move ResourceQuota admission to k8s.io/apiserver 2020-09-04 14:53:52 +02:00
Kubernetes Prow Robot
bb9ae50888
Merge pull request #93389 from fisherxu/return-err 
Return err directly when nodename in node object is not consistent with in cert
 2020-08-28 06:37:12 -07:00
xufei 00416946
f787db2508 return err directly when nodename is not consistent in cert 2020-07-25 09:10:32 +08:00
Patrick Ohly
c05c8e915b GenericEphemeralVolume: feature gate, API, documentation 
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
 2020-07-09 11:02:59 +02:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields 
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 09:13:25 +01:00
Alex Wang
209117413f
Promote NonPreempt feature gate to beta (#91899) 
* update nonpreempt featuregate to beta

* update
 2020-06-30 00:02:56 -07:00
Kubernetes Prow Robot
71c352dee3
Merge pull request #87582 from mrueg/ptr 
PodTolerationRestriction: Mention Whitelist Scope in Error
 2020-06-29 13:07:59 -07:00
Shihang Zhang
613a712717 default to add projected fstype in psp when boundedserviceaccounttoken is enabled 2020-06-24 09:09:27 -07:00
Ted Yu
9f95fdd3cd Mirror pod without OwnerReference should not be created 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-06-21 08:00:17 -07:00
Christopher M. Luciano
92506a98fc
ingress: Update IngressClass feature and admission controller for v1 
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2020-06-17 12:11:31 -04:00
Jordan Liggitt
db4ca87d9d Switch CSR approver/signer/cleaner controllers to v1 2020-06-05 18:45:34 -04:00
Jordan Liggitt
0e062981d1 Detect PSP enablement more accurately 2020-06-03 13:14:19 -04:00
Jordan Liggitt
7049149181 Generated files 2020-05-28 16:53:23 -04:00
Jordan Liggitt
377adfa2b7 Make signer admission plugin check on condition update 2020-05-28 12:20:40 -04:00
Kubernetes Prow Robot
9f5d9a9bef
Merge pull request #91315 from jherrera123/master 
Fix runtime admission flaky test due to race condition
 2020-05-22 10:45:11 -07:00
Jesus Herrera
a5800ab4cb Fix linter and bazel errors 2020-05-21 23:06:56 -04:00
Jesus Herrera
6b8e2cc24e Fix runtime admission flaky test due to race condition 2020-05-20 20:29:51 -04:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Jiajie Yang
ae0e52d28c Monitoring safe rollout of time-bound service account token. 2020-04-22 11:59:16 -07:00
Jordan Liggitt
ba4d2aa076 Restrict node labels on Node create 2020-04-20 16:26:24 -04:00
Kubernetes Prow Robot
8a4bf39884
Merge pull request #82814 from porridge/patch-1 
Fix a couple of typos
 2020-04-14 06:20:13 -07:00
Andrew Sy Kim
2e56866c97 move apparmor annotation constants to k8s.io/api/core/v1 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-04-06 10:22:04 -04:00
m.nabokikh
ea32811cbd Fix service account names with a dot 
This fix provides the ability to mount service account tokens to pods. The core problem is the volumeName option can't contain any dots.
 2020-03-31 21:42:04 +04:00
Shihang Zhang
b56da85a77 sync api/v1/pod/util with api/pod/util and remove DefaultContainers 2020-03-24 16:42:32 -07:00
Ted Yu
e0dbbf0a65 Visitors of Configmaps and Secrets should specify which containers to visit 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-03-20 07:59:44 -07:00
Rob Scott
132d2afca0
Adding IngressClass to networking/v1beta1 
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2020-03-01 18:17:09 -08:00
Kubernetes Prow Robot
03b7f272c8
Merge pull request #88246 from munnerz/csr-signername-controllers 
Update CSR controllers & kubelet to respect signerName field
 2020-02-28 23:38:39 -08:00
Jefftree
d318e52ffe authentication webhook via network proxy 2020-02-27 17:47:23 -08:00
Jordan Liggitt
57ea7a11a6 Remove global variable dependency from runtimeclass admission 2020-02-27 15:23:52 -05:00
James Munnelly
d7e10f9869 Add Certificate signerName admission plugins 2020-02-27 15:50:14 +00:00
Manuel Rüger
eb6c716927 PodTolerationRestriction: Mention Whitelist Scope in Error 
Currently it's not clear if the issue came from the namespace whitelist
of if the namespace whitelist was not applied at all (i.e. via a misspelled
annotation). This makes the error more explicit if the pod tolerations
caused a conflict with cluster-level or namespace-level whitelist.

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
 2020-02-12 11:06:59 +01:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Mike Danese
968adfa993 cleanup req.Context() and ResponseWrapper 2020-01-29 08:50:45 -08:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
Jordan Liggitt
39e373fc45 Do not require token secrets when using bound service account tokens 2020-01-09 13:20:45 -05:00
Tim Allclair (St. Clair)
581d3e26c9 Restrict mirror pod owner references (#84657) 
* Restrict mirror pod owners.

See http://git.k8s.io/enhancements/keps/sig-auth/20190916-noderestriction-pods.md

* Address feedback, refactor test

* Verify node owner UID
 2019-11-14 20:52:16 -08:00
Kubernetes Prow Robot
195664db0e
Merge pull request #85099 from liggitt/quota-config-v1 
Promote apiserver.config.k8s.io/v1, kind=ResourceQuotaConfiguration
 2019-11-13 13:02:52 -08:00
draveness
5cb92260a6 feat: graduate ResourceQuotaScopeSelectors to GA 2019-11-13 14:07:22 +08:00
ravisantoshgudimetla
f2cbbe228f BUILD files 2019-11-12 17:22:14 -05:00