github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
120,136 Commits 1 Branch 31 Tags 1,019 MiB
ae185414f4
Commit Graph

3941 Commits

Author SHA1 Message Date
Michal Wozniak
cf0b74774f Extend the API for the Job job-index-failure-count annotation 2023-07-18 16:41:11 +02:00
Michal Wozniak
fcbfdc1710 Extend the Job API for BackoffLimitPerIndex 2023-07-18 11:28:15 +02:00
Kubernetes Prow Robot
d17f3ba2cf
Merge pull request #119168 from gjkim42/sidecar-allow-probes-and-lifecycle-hooks 
Allow all probes and lifecycle for restartable init containers
 2023-07-17 18:11:07 -07:00
Kubernetes Prow Robot
704970877e
Merge pull request #119380 from A-Hilaly/api-server/webhooks/match-conditions-beta-graduations 
Graduate `AdmissionWebhookMatchCondition` to beta
 2023-07-17 16:55:07 -07:00
Gunju Kim
3bf282652f
Allow restartable init containers to have lifecycle 2023-07-18 08:12:24 +09:00
Gunju Kim
7ef2d674e2
Allow restartable init containers to have livenessProbe 2023-07-18 07:54:33 +09:00
Gunju Kim
2c8b37498e
Allow restartable init containers to have readinessProbe 2023-07-18 07:54:33 +09:00
Gunju Kim
8b20dbd0d1
Add validateStartupProbe 2023-07-18 07:54:32 +09:00
Amine
94c8ad289b Enable admissionWebhookMatchCondition by default 2023-07-17 22:40:55 +01:00
Hemant Kumar
2e217e8cea Reduce duplication between helpers for checking featuregate 2023-07-17 15:34:45 -04:00
Hemant Kumar
137474e283 Fix validation options for old pvc 
Also update comments on allocatedresourcestatuses fields
 2023-07-17 15:30:36 -04:00
Hemant Kumar
f01a1faa8c Update comments about allocatedResourceStatus 
Update API types with more comments
 2023-07-17 15:30:36 -04:00
Hemant Kumar
6a780f57ce Update generated data 2023-07-17 15:30:36 -04:00
Hemant Kumar
e011187114 Update code to use new generic allocatedResourceStatus field 2023-07-17 15:30:35 -04:00
Amine
0074b24ca4 Graduate AdmissionWebhookMatchCondition to beta 2023-07-17 18:19:35 +01:00
Aohan Yang
7c6e399b22 Generated code for IP mode field 2023-07-17 16:01:59 +08:00
Aohan Yang
e6863757f4 Add IP mode field 2023-07-17 15:51:40 +08:00
Kubernetes Prow Robot
8a0ea1bd58
Merge pull request #109616 from wzshiming/feat/pod-host-ips 
Field `status.hostIPs` added for Pod
 2023-07-15 00:31:04 -07:00
Cici Huang
13172cba5c
ValidatingAdmissionPolicy: support namespace access (#118267) 
* Support namespace access from cel expression in validatingadmissionpolicy.

* Whitelist the exposed fields in namespace object and add test

* better handling of cluster-scoped resources.

* [API REVIEW] namespaceObject in Expression doc.

* compatibility with composition.

* generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh

* workaround namespace of namespace is unexpectedly set.

* basic test coverage for namespaceObject.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>
 2023-07-14 17:53:08 -07:00
Shiming Zhang
3e2a1a7b9c Regenerate 2023-07-14 09:43:16 +08:00
Shiming Zhang
14b09c414a Add DownwardAPI validation for status.hostIPs 2023-07-14 09:35:31 +08:00
Shiming Zhang
bf030fd68a Add validate HostIPs 2023-07-14 09:35:30 +08:00
Shiming Zhang
267e76a66e Add status.hostIPs in validEnvDownwardAPIFieldPathExpressions 2023-07-14 09:35:30 +08:00
Shiming Zhang
c287943bdd Add status.hostIPs in ConvertDownwardAPIFieldLabel 2023-07-14 09:35:30 +08:00
Shiming Zhang
7a81ef6406 Add fuzzer for PodStatus 2023-07-14 09:35:30 +08:00
Shiming Zhang
e061143de7 Add HostIPs field and update PodIPs field 2023-07-14 09:35:30 +08:00
Mike Spreitzer
ce90eb2cc2 Fix validation to use field.Forbidden instead of Required 
Co-authored-by: David Eads <deads2k@users.noreply.github.com>
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:02:28 +00:00
Abu Kashem
3754d2da20 apf: allow admin to change the Exempt field only of the exempt pl 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:01:29 +00:00
Abu Kashem
f8e4e8abac apf: add validation to exempt for borrowing 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:01:09 +00:00
Mike Spreitzer
f78d6062eb Update generated code for APF borrowing by exempt 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:00:06 +00:00
Mike Spreitzer
a9d8cace1f Fix AutoUpdateAnnotationKey, NominalConcurrencyShares 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 00:47:58 +00:00
Abu Kashem
3d3240c8b4 apf: add API changes for borrowing by exempt pl 2023-07-14 00:47:28 +00:00
Jiahui Feng
b635f2a401
ValidatingAdmissionPolicy: Variable Composition (#118642) 
* [API REVIEW] Variable Composition

* lazy map.

* variable composition implementation.

* check variables during VAP validation.

* generated: ./hack/update-vendor.sh

* generated: UPDATE_COMPATIBILITY_FIXTURE_DATA

(cd staging/src/k8s.io/api/ && env UPDATE_COMPATIBILITY_FIXTURE_DATA=true go test)

* cost calucation.

* tests for cost calculations.

* e2e test for variables.

* fix doc for Validation.Expression.

* generated: ./hack/update-codegen.sh

* fix missing utilruntime import.

* generated: ./hack/update-openapi-spec.sh
 2023-07-13 17:13:28 -07:00
Kubernetes Prow Robot
fc798a8dc1
Merge pull request #118520 from jpbetz/validate-unique 
Add merge map key validation to StorageVersions
 2023-07-13 14:43:49 -07:00
Kubernetes Prow Robot
a9e40bd7c6
Merge pull request #114307 from rphillips/promote_probe_termination_grace_period 
ProbeTerminationGracePeriod promote to GA
 2023-07-13 13:41:38 -07:00
Kubernetes Prow Robot
3f1704dfbd
Merge pull request #119296 from pohly/dra-pod-resource-claim-status-validation 
dra API: ensure that pod status contains no duplicate resource claims
 2023-07-13 12:39:49 -07:00
Patrick Ohly
ddc0d94790 dra API: ensure that pod status contains no duplicate resource claims 
This is a follow-up to https://github.com/kubernetes/kubernetes/pull/117351
which just got merged.
 2023-07-13 18:41:40 +02:00
dprotaso
610509fedd Update standard app protocols 
Add websocket support - see https://github.com/kubernetes/enhancements/pull/3996
 2023-07-12 08:28:50 -04:00
Patrick Ohly
0fc62d5ded dra: generated files 2023-07-11 14:23:48 +02:00
Patrick Ohly
444d23bd2f dra: generated name for ResourceClaim from template 
Generating the name avoids all potential name collisions. It's not clear how
much of a problem that was because users can avoid them and the deterministic
names for generic ephemeral volumes have not led to reports from users. But
using generated names is not too hard either.

What makes it relatively easy is that the new pod.status.resourceClaimStatus
map stores the generated name for kubelet and node authorizer, i.e. the
information in the pod is sufficient to determine the name of the
ResourceClaim.

The resource claim controller becomes a bit more complex and now needs
permission to modify the pod status. The new failure scenario of "ResourceClaim
created, updating pod status fails" is handled with the help of a new special
"resource.kubernetes.io/pod-claim-name" annotation that together with the owner
reference identifies exactly for what a ResourceClaim was generated, so
updating the pod status can be retried for existing ResourceClaims.

The transition from deterministic names is handled with a special case for that
recovery code path: a ResourceClaim with no annotation and a name that follows
the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod
claim and gets added to the pod status.

There's no immediate need for it, but just in case that it may become relevant,
the name of the generated ResourceClaim may also be left unset to record that
no claim was needed. Components processing such a pod can skip whatever they
normally would do for the claim. To ensure that they do and also cover other
cases properly ("no known field is set", "must check ownership"),
resourceclaim.Name gets extended.
 2023-07-11 14:23:48 +02:00
twelcon
70f979c8da
Alert message improved according to standards 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-07-10 17:13:35 +05:30
Gunju Kim
c187b38117 Sidecar: Generated code 2023-07-07 21:39:35 +00:00
Gunju Kim
5d26bcd468 Sidecar: API changes 
- Add SidecarContaienrs feature gate
- Add ContainerRestartPolicy type
- Add RestartPolicy field to the Container
- Drop RestartPolicy field if the feature is disabled
- Add validation for the SidecarContainers
- Allow restartable init containaers to have a startup probe
 2023-07-07 21:39:34 +00:00
Kubernetes Prow Robot
cd32adebd9
Merge pull request #118386 from Richabanker/enhance-storage-version 
Add servedVersions info in StorageVersion API
 2023-07-05 19:23:02 -07:00
Kubernetes Prow Robot
c2b7d25ff8
Merge pull request #118691 from giuseppe/drop-check-for-volumes 
apis: drop check for volumes with user namespaces
 2023-06-29 16:23:56 -07:00
Richa Banker
1c48b7ec14 Add servedVersions info in StorageVersion API 2023-06-29 15:40:54 -07:00
Kubernetes Prow Robot
960830bc66
Merge pull request #118102 from RomanBednar/retro-sc-assignment-ga 
graduate RetroactiveDefaultStorageClass feature to GA in 1.28
 2023-06-27 20:46:32 -07:00
Giuseppe Scrivano
556d713a4a
apis: drop check for volumes with user namespaces 
The second phase of user namespaces support was related to supporting
only stateless pods.  Since the changes were accepted for the KEP, now
the scope is extended to support stateful pods as well.  Remove the
check that blocks creating PODs with volumes when using user namespaces.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2023-06-22 15:15:42 +02:00
twelcon
9d4b489107
Renaming restartPolicy to containerRestartPolicy for better calrity 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-21 12:33:14 +05:30
twelcon
01c2c4f35f
Error test cases added 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-20 19:42:17 +05:30
twelcon
a609beb6b1
Decline on resizePolicy if the restartPolicy is Never 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-20 18:48:47 +05:30
Kubernetes Prow Robot
1de217b095
Merge pull request #118278 from mimowo/fix-pod-failure-policy-comments 
Update podFailurePolicy comment from alpha-level to beta
 2023-06-12 13:46:49 -07:00
Roman Bednar
ac15d69757 remove RetroactiveDefaultStorageClass feature gate checks 2023-06-07 14:31:16 +02:00
Roman Bednar
6afb363ca1 test: remove RetroactiveDefaultStorageClass feature gate 
Since the feature is GA and locked to true, tests can no longer set it
to false. Cleaning up by removing all references to this feature gate
from tests.

Feature gate will be removed in v1.29.
 2023-06-07 14:31:16 +02:00
Roman Bednar
97a81a59f6 test: correct validation test error message 2023-06-07 14:31:16 +02:00
kerthcet
96ab232f5f Remove reasons from PodConditionType 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2023-06-07 11:47:47 +08:00
Joe Betz
b5db644422 Add merge map key validation to StorageVersions 2023-06-06 20:26:43 -04:00
Kubernetes Prow Robot
0bb17a88fa
Merge pull request #116741 from gjkim42/promote-expanded-dns-config-to-ga 
Promote ExpandedDNSConfig feature to the GA stage
 2023-05-30 18:19:56 -07:00
Michal Wozniak
926bc9bf8e Update podFailurePolicy comment from alpha-level to beta 2023-05-26 10:24:36 +02:00
Kubernetes Prow Robot
bc6cbdabbe
Merge pull request #117852 from tenzen-y/replace-deprecated-sets 
Job: Use generic Set in validation
 2023-05-24 14:47:00 -07:00
Kubernetes Prow Robot
b2522655b3
Merge pull request #117047 from charles-chenzz/add_continue 
replace deprecated set.String in storage/validation
 2023-05-24 02:48:49 -07:00
aleskandro
4c9887e3eb Updating the nodeAffinity of gated pods having nil affinity should be allowed 2023-05-18 07:44:34 +02:00
Joe Betz
f0f92853ad Add api-machinery TL owners permissions for jpbetz 2023-05-15 11:09:54 -04:00
Kubernetes Prow Robot
8479db5876
Merge pull request #117946 from lavalamp/lavalamp-taking-a-break 
lavalamp is taking a long break
 2023-05-12 14:34:47 -07:00
Yuki Iwai
2e2afc7fd2 Job: Use generic Set in validation 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-12 03:26:25 +09:00
Kubernetes Prow Robot
367180d781
Merge pull request #117933 from tenzen-y/replace-deprecated-Prt-utils 
Job: Replace deprecated pointer utils with supported ones
 2023-05-11 09:59:14 -07:00
Daniel Smith
1ffe3f467e lavalamp is taking a long break 2023-05-11 16:43:38 +00:00
Yuki Iwai
de882f5193 Job: Replace deprecated pointer utils with supported ones 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-11 19:29:14 +09:00
Tim Hockin
4bbf611773
Retool validation for pod HostNetwork ports 
This will ensure that HostPort == ContainerPort for pods and that
HostPort == 0 || HostPort == ContainerPort for embedded PodSpecs.
 2023-05-09 18:10:44 -07:00
Tim Hockin
ec3379a717
Do hostNet Pod-ports -> hostPorts in Pod defaults 
Rather than doing it in PodSpec defaulting, which triggers in
Deployments and DaemonSets, do it only when a Pod is actually in play.
 2023-05-09 18:10:20 -07:00
Kubernetes Prow Robot
6442024f1c
Merge pull request #116779 from jpbetz/cel-ratcheting 
Controlled rollout of CEL libraries and language feautres
 2023-05-08 09:51:40 -07:00
Joe Betz
e740f8340e Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables 2023-05-08 11:52:31 -04:00
Yuki Iwai
235c261196 Job: Fix a misspelling 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-09 00:25:45 +09:00
Ryan Phillips
ae08fe1e19 ProbeTerminationGracePeriod promote to GA 2023-05-05 14:27:54 -05:00
Jordan Liggitt
e807a6aec5
Disable NewVolumeManagerReconstruction feature gate 2023-05-04 16:41:20 -04:00
Kubernetes Prow Robot
7add692580
Merge pull request #117633 from kannon92/remove-job-tracking-finalizers 
remove tracking annotation from validation and webhooks
 2023-05-04 10:34:43 -07:00
Gunju Kim
b249b4ca9b
Promote ExpandedDNSConfig feature to the GA stage 2023-05-04 20:37:10 +09:00
Kubernetes Prow Robot
78833e1b33
Merge pull request #117713 from flant/ssr-ga 
KEP-3325: Promote SelfSubjectReview to GA
 2023-05-03 08:54:24 -07:00
m.nabokikh
40de26dcff KEP-3325: Promote SelfSubjectReview to GA 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-05-02 14:50:40 +02:00
Tim Hockin
d55b67b349
Clean up brace whitespace in **/validation_test.go 
This was making my eyes bleed as I read over code.

I used the following in vim.  I made them up on the fly, but they seemed
to pass manual inspection.

:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w
 2023-05-02 00:48:42 -07:00
Kubernetes Prow Robot
d6471d01a4
Merge pull request #115843 from rikatz/remote-netpol-status 
Remove/Withdraw  NetworkPolicy Status
 2023-05-01 18:30:10 -07:00
Kubernetes Prow Robot
46852cab7f
Merge pull request #117570 from marosset/remove-hostprocess-containers-featuregate 
Removing WindowsHostProcessContainers feature-gate
 2023-05-01 14:24:11 -07:00
Mark Rossetti
ab9c8eb1e8
Removing WindowsHostProcessContainers feature-gate 
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2023-05-01 13:30:38 -07:00
Ricardo Katz
ec997d5433 Generated files for NetworkPolicyStatus removal 2023-05-01 15:19:25 -03:00
Ricardo Katz
bff8a6cd9f Remove withdrawn feature NetworkPolicyStatus 2023-05-01 15:19:25 -03:00
Stephen Kitt
4911e9de4a
api: replace intstr.FromInt with intstr.FromInt32 
This touches cases where FromInt() is used on numeric constants, or
values which are already int32s, or int variables which are defined
close by and can be changed to int32s with little impact.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
 2023-05-01 09:16:15 +02:00
Kubernetes Prow Robot
d8bdddcab4
Merge pull request #117531 from mfordjody/master 
remove validation GCE-ism
 2023-04-28 18:28:16 -07:00
kannon92
6a4cf352b8 remove tracking annotation from validation and webhooks 2023-04-26 17:16:05 +00:00
Kubernetes Prow Robot
3125009dd1
Merge pull request #115487 from tongpu/docs/roleRef_immutable 
Add a comment to document that roleRef is immutable
 2023-04-25 03:36:27 -07:00
Kubernetes Prow Robot
56e17d6d67
Merge pull request #115168 from HirazawaUi/delte-pkg-apis-other-unused-functions 
remove unused not api functions in the pkg/apis directory
 2023-04-24 14:23:01 -07:00
Lukas Grossar
d76f5dae67
Add a comment to roleRef to document that it is immutable 2023-04-24 22:35:20 +02:00
mfordjody
c3384191ea remove validation GCE-ism 
update testing

update testing

update testing

update core and testing

update testing
 2023-04-24 14:27:37 +08:00
Kubernetes Prow Robot
25a25e27a9
Merge pull request #110477 from halfcrazy/feat/hostnetwork-fieldsel 
support fieldSelector spec.hostNetwork
 2023-04-21 18:13:11 -07:00
charles-chenzz
4de0d2c6f8 use generic set in storage/validation 2023-04-17 18:37:50 +08:00
Yan Zhu
7fb88eec73 support fieldSelector spec.hostNetwork 
Signed-off-by: Yan Zhu <hackzhuyan@gmail.com>
 2023-04-17 13:19:35 +08:00
Kubernetes Prow Robot
403a8fdf1e
Merge pull request #117043 from mouuii/mouuii-dev-0401-clean 
remove unnecessary check
 2023-04-14 14:24:41 -07:00
mouuii
becf73a82b add invaild scope test case 
Signed-off-by: mouuii <49775493+mouuii@users.noreply.github.com>
 2023-04-14 11:55:08 +08:00
Kubernetes Prow Robot
4c6d6aa482
Merge pull request #116602 from mattcary/fuzz 
Simplify statefulset fuzzer
 2023-04-13 17:24:38 -07:00
Tim Hockin
bc302fa414
Replace uses of ObjectReflectDiff with cmp.Diff 
ObjectReflectDiff is already a shim over cmp.Diff, so no actual output
or behavior changes
 2023-04-12 08:48:03 -07:00
Tim Hockin
29c0b73d64
Replace uses of diff.ObjectDiff with cmp.Diff 
ObjectDiff is already a shim over cmp.Diff, so no actual output or
behavior changes
 2023-04-12 08:46:12 -07:00
Tim Hockin
dd7af241c1
Replace diff.ObjectDiff with cmp.Equal 
More obvious and cheaper, and ObjectDiff is already written in terms of
cmp.
 2023-04-12 08:45:32 -07:00
Kubernetes Prow Robot
cafc23f624
Merge pull request #117182 from dddddai/http-headers 
Use case-insensitive header keys for http probes
 2023-04-12 03:42:31 -07:00
dddddai
10a8ec5b2c use case-insensitive header keys for http probes 2023-04-12 15:39:55 +08:00
yang-wang11
277c03fc79
remove these unrelated openapi files (#117051) 2023-04-11 20:20:49 -07:00
Kubernetes Prow Robot
c4ebf5f1e3
Merge pull request #116722 from luoqr96/myfeature 
Chore: test simplification for stateful set
 2023-04-11 18:19:37 -07:00
Kubernetes Prow Robot
d0fc9d16ce
Merge pull request #114800 from haoruan/feature-8976-spew-sprintf-refactor 
Capture spew.Sprintf() with all our favorite config into a util func
 2023-04-11 15:34:57 -07:00
Hao Ruan
f638e2849f replaced spew.Sprintf with a util pretty print function 2023-03-27 09:24:22 +08:00
Kubernetes Prow Robot
0c62b122c0
Merge pull request #116857 from vinaykul/restart-free-pod-vertical-scaling-fixes 
Call function that validates resize policy for in-place pod resize feature
 2023-03-24 10:42:21 -07:00
Lior Lieberman
6843c52060 remove kubernetes.io/grpc standard protocol 2023-03-22 18:33:49 +00:00
vinay kulkarni
0e9dd5c51d Call function that validates in-place vpa resize policy 2023-03-22 16:19:19 +00:00
Kubernetes Prow Robot
3cf9f66e90
Merge pull request #116743 from thockin/docs-clarify-publish-not-ready-endpoints 
Clarify EPSlice docs wrt the Ready conditions
 2023-03-21 23:14:35 -07:00
Qirui
ddc13e983b Chore: add selector labels tweak function 2023-03-22 11:02:25 +08:00
Qirui
4cab11f26f Chore: add persistent volume claim retention policy tweak function 2023-03-22 11:02:01 +08:00
Qirui
ba9dfe686f Chore: add persistent volume claim template tweak function 2023-03-22 11:01:37 +08:00
Qirui
f97d3cf748 Chore: add rolling update max unavailable type tweak function 2023-03-22 11:01:25 +08:00
Qirui
1b17b4fa79 Chore: add rolling update partition type tweak function 2023-03-22 11:01:04 +08:00
Qirui
f3ffeae426 Chore: add update strategy type tweak function 2023-03-22 11:00:46 +08:00
Qirui
5e0161b3de Chore: add labels tweak function 2023-03-22 11:00:25 +08:00
Qirui
ec34891782 Chore: add annotation tweak function 2023-03-22 10:51:54 +08:00
Qirui
b907d5af49 Chore: add finalizers tweak function 2023-03-22 10:51:41 +08:00
Qirui
18ba7c0e43 Chore: add ordinal start tweak function 2023-03-22 10:51:18 +08:00
Qirui
3eb34d8b6c Chore: add min ready seconds tweak function 2023-03-22 10:51:03 +08:00
Qirui
2161d095fa Chore: add template restart policy tweak function 2023-03-22 10:50:42 +08:00
Qirui
4418a9f590 Chore: add replicas tweak function 2023-03-22 10:49:51 +08:00
Qirui
7fc08e0ce7 Chore: add pod management policy tweak function 2023-03-22 10:48:29 +08:00
Qirui
77c7d6efcf Chore: add basic make function for stateful set 
Add name and namespace tweak functions
 2023-03-22 10:47:43 +08:00
Jiahui Feng
33c3fe3f74 differentiate kinds of expressions. 2023-03-20 12:13:21 -07:00
Tim Hockin
78530ec0a8
Clarify EPSlice docs wrt the Ready conditions 
`publishNotReadyAddresses` is an explicit override, so this makes it
clear that is OK.
 2023-03-19 09:28:58 -07:00
vinay kulkarni
0ee5d43d74 Add unit tests covering ephemeral storage resource combinations 2023-03-17 05:43:30 +00:00
vinay kulkarni
07c567a848 Add missing unit test for resource resize policy defaulting 2023-03-17 05:43:30 +00:00
Taahir Ahmed
2e4b637bf8 ClusterTrustBundles: make update 2023-03-15 20:10:59 -07:00
Taahir Ahmed
6a75e7c40c ClusterTrustBundles: Define types 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
 2023-03-15 20:10:18 -07:00
Max Smythe
e5fd204c33
Custom match criteria (#116350) 
* Add custom match conditions for CEL admission

This PR is based off of, and dependent on the following PR:

https://github.com/kubernetes/kubernetes/pull/116261

Signed-off-by: Max Smythe <smythe@google.com>

* run `make update`

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Update compatibility test data

Signed-off-by: Max Smythe <smythe@google.com>

* Revert "Update compatibility test data"

This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.

* Allow params during validation; make match conditions optional

Signed-off-by: Max Smythe <smythe@google.com>

* Add conditional ignoring of matcher CEL expression validation on update

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Add more validation tests

Signed-off-by: Max Smythe <smythe@google.com>

* Short-circuit CEL matcher when no matchers specified

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Address review comments

Signed-off-by: Max Smythe <smythe@google.com>

---------

Signed-off-by: Max Smythe <smythe@google.com>
 2023-03-15 17:23:15 -07:00
Rob Scott
9e571c0424
Adding validation for topology annotations 
Change-Id: I50b3b05b859c69e98daca7c8fca0d3a76024eb80
 2023-03-15 18:37:02 +00:00
Kubernetes Prow Robot
8decaf3ae7
Merge pull request #115447 from kidddddddddddddddddddddd/ingress 
[ingress] Create with ingressClass annotation and IngressClassName both set
 2023-03-15 02:02:16 -07:00
Igor Velichkovich
5e5b3029f3
Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen
 2023-03-14 20:28:26 -07:00
Kubernetes Prow Robot
ae36991498
Merge pull request #116332 from klueska/extend-resourceclaimstatus 
Update resource.AllocationResult with a slice of ResourceHandlers
 2023-03-14 19:26:50 -07:00
Kubernetes Prow Robot
9053b5dc2c
Merge pull request #116119 from vinaykul/restart-free-pod-vertical-scaling-fixes 
Restructure resize policy naming and set default resize policy values
 2023-03-14 19:26:42 -07:00
Lior Lieberman
812d55d230
Updated: Redefine AppProtocol field description and add new standard values (#115433) 
* redefine app protocol and add standard values

* change k8s.io/http2 to k8s.io/h2c

* address feedback

* Update staging/src/k8s.io/api/discovery/v1/types.go

Co-authored-by: Rob Scott <rob.scott87@gmail.com>

* remove kubernetes.io/tcp and change wording

---------

Co-authored-by: Rob Scott <rob.scott87@gmail.com>
 2023-03-14 19:26:33 -07:00
Kubernetes Prow Robot
f44d561c1f
Merge pull request #115075 from aojea/ipaddress 
IPAddress allocator
 2023-03-14 19:26:13 -07:00
Kubernetes Prow Robot
f3aebc85b9
Merge pull request #114930 from kannon92/add-new-labels 
Add batch.kubernetes.io to labels created in the Job controller.
 2023-03-14 17:44:13 -07:00
Kubernetes Prow Robot
9c1d73bfd6
Merge pull request #116581 from humblec/csiNodeExpand 
Update NodeExpandSecretRef comment for beta
 2023-03-14 16:34:56 -07:00
Kubernetes Prow Robot
f315a4669a
Merge pull request #116576 from pohly/dra-core-validation 
api: extend validation of dynamic resource allocation fields in PodSpec
 2023-03-14 16:34:48 -07:00
Kubernetes Prow Robot
f7bcff44cd
Merge pull request #116425 from jsafrane/flip-selinux 
Flip SELinuxMountReadWriteOncePod to Beta
 2023-03-14 16:34:41 -07:00
Antonio Ojea
ba42ed9a49 make update 
Change-Id: I19e12ca05d977dca63043cb07ecf8a90e0e525c5
 2023-03-14 22:58:12 +00:00
Antonio Ojea
c36562dfd7 IPAddress validation 
Validate IPAddress name is in canonical format
Validate ParentRef is required, and Resource and Name.
Validate IPAddress is inmutable on update.
 2023-03-14 22:56:44 +00:00
Antonio Ojea
036f57f3cb Add IPAddress API 
Change-Id: I9cf710f011b58409ab880d3b2e7f841f228ee5ee
 2023-03-14 22:56:44 +00:00
Kevin Klues
452f345c47 Update generated code for resource.k8s.io/v1alpha2 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:41:44 +00:00
Kevin Klues
da0b75f8f9 Update validation for recent changes to resource.k8s.io/v1alpha2 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:34:18 +00:00
Kevin Klues
53dda4ffe2 Update AllocationResult and ResourceHandle for resource.k8s.io/v1alpha2 
This implements the change outlined in the following KEP update:
https://github.com/kubernetes/enhancements/pull/3802

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:34:18 +00:00