github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
98,044 Commits 1 Branch 31 Tags 1,019 MiB
b1f2960160
Commit Graph

66 Commits

Author SHA1 Message Date
Skyler Clark
b1f2960160
locks sysctls to on 2021-02-22 09:37:14 -05:00
Mayank Kumar
9a6f1e807e Promote RunAsGroup to GA 2021-02-18 13:32:54 -08:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Shihang Zhang
ff641f6eb2 mv TokenRequest and TokenRequestProjection to GA 2020-10-29 20:47:01 -07:00
Andrew Sy Kim
2e56866c97 move apparmor annotation constants to k8s.io/api/core/v1 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-04-06 10:22:04 -04:00
Kubernetes Prow Robot
357d3c9f93
Merge pull request #89584 from kevtaylor/kep/VolumeSubpathExpansion-Remove-FeatureGate 
Remove VolumeSubpathEnvExpansion Feature Gate
 2020-03-31 20:03:27 -07:00
Kevin Taylor
9fd48b4039 Remove VolumeSubpathEnvExpansion Feature Gate 2020-03-27 16:28:33 +00:00
Shihang Zhang
b56da85a77 sync api/v1/pod/util with api/pod/util and remove DefaultContainers 2020-03-24 16:42:32 -07:00
Ted Yu
e0dbbf0a65 Visitors of Configmaps and Secrets should specify which containers to visit 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-03-20 07:59:44 -07:00
Kubernetes Prow Robot
264e2f1744
Merge pull request #88488 from gnufied/implement-fix-recursive-chown 
Implement changes for fsgroup recursive chown
 2020-03-05 21:39:30 -08:00
Ted Yu
af0e1319c3 Allow container visitor to operate on selected container types 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-03-05 11:48:00 -08:00
Hemant Kumar
f7509d277e Define new type for storing volume fsgroupchangepolicy 
Address review comments for api change
 2020-03-04 21:23:27 -05:00
Kubernetes Prow Robot
497a998ba6
Merge pull request #88654 from ddebroy/gmsa-disable1 
Promote GMSA support for Windows to GA
 2020-03-04 02:32:01 -08:00
Deep Debroy
16d221e407 Promote GMSA to GA 
Signed-off-by: Deep Debroy <ddebroy@docker.com>
 2020-03-04 02:56:21 +00:00
Jan Safranek
2c1b743766 Promote block volume features to GA 2020-02-28 20:48:38 +01:00
marosset
d44a30f0ed Moving Windows RunAsUserName feature to GA 2020-02-20 22:08:18 +00:00
Lee Verberne
cbbe7d1bb9 Remove checks for PodShareProcessNamespace feature gate 2019-10-31 17:15:23 +00:00
Kevin Taylor
cb8a7c1a4c Promote VolumeSubpathEnvExpansion feature gate to GA 2019-10-10 09:34:40 +01:00
Jordan Liggitt
802e765444 Preserve existing ephemeral containers on update, validate unconditionally 2019-08-02 20:00:01 -04:00
Lee Verberne
013f049ce0 Add Ephemeral Containers to the Kubernetes core API 2019-07-22 11:19:22 +00:00
James Sturtevant
e8b369ff3c Windows: Adds RunAsUserName field in WindowsOptions 
Adds the field RunAsUserName in the WindowsSecurityContextOptions type,
which is used in PodSecurityContext and SecurityContext.

This field needs to allow for a valid set of usernames allowed for
Windows containers. It must have the format "U

This commit also validates the runAsUserName field, making sure that it valid,
having the format DOMAIN\USER (case insensitive), where DOMAIN\ is optional and
has to be a valid NetBios or DNS domain name.

For more information about the restrictions on the DOMAIN and USER parts, look here: [1] [2]

Adds the WindowsRunAsUserName alpha feature gate. By default, it is disabled.
If the feature gate is not enabled, the WindowsOptions.RunAsUserName field
will be dropped from both the PodSecurityContext and container
SecurityContext.

Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>

[1] https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
[2] https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1
 2019-07-17 15:03:04 +00:00
Khaled Henidak(Kal)
81468e2696 api: dropDisabledFields 2019-07-02 15:39:06 +00:00
Kubernetes Prow Robot
1215aa73d2
Merge pull request #79176 from verb/debug-iterate-containers 
Add helpers for iterating containers in a pod
 2019-06-25 09:32:52 -07:00
draveness
ca6003bc75 feat: cleanup PodPriority features gate 2019-06-23 11:57:24 +08:00
Lee Verberne
ee821e2a04 Create helpers for iterating containers in a pod 2019-06-21 08:32:04 +00:00
Jordan Liggitt
899d00a529 Fix incorrect procMount defaulting 2019-06-10 22:01:54 -04:00
Jean Rouge
a3e914528a API changes for Windows GMSA support 
This patch comprises the API changes outlined in the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

It includes validation, as well as dropping fields if the `WindowsGMSA` feature
flag is not set, both with unit tests.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-05-16 15:32:59 -07:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Vladimir Vivien
4ec7d2305d CSI Inline Volume - API changes 2019-03-08 12:35:07 -05:00
Minhan Xia
562bc03cf6 promote PodReadinessGate feature to GA 2019-02-25 16:28:29 -08:00
Kevin Taylor
a64b854137 Implementation of KEP Feature Gate VolumeSubpathEnvExpansion 2019-02-20 01:37:16 +00:00
jennybuckley
6b2e4682fe Minor fixes 2019-02-04 13:51:49 -08:00
Antoine Pelisse
0e1d50e70f API Machinery, Kubectl and tests 2019-02-04 13:51:48 -08:00
Kubernetes Prow Robot
52d4500f23
Merge pull request #72714 from mourya007/features_gate 
Move TokenRequestProjection feature gate out of validation
 2019-01-11 15:53:51 -08:00
mourya007
d0b35d1b05 Move TokenRequestProjection feature gate out of validation 2019-01-11 00:49:30 +05:30
Rajath Agasthya
5de2d7694d Remove Sysctls feature gate from validation 2019-01-09 18:56:11 -08:00
Kubernetes Prow Robot
49891cc270
Merge pull request #72698 from rajathagasthya/podsharepsnamespace-72651 
Move PodShareProcessNamespace feature gate out of validation
 2019-01-09 07:40:00 -08:00
Rajath Agasthya
86165ac878 Move pod ReadinessGates feature gate out of validation 2019-01-08 21:37:43 -08:00
Rajath Agasthya
4e1d4caa8f Move PodShareProcessNamespace feature gate out of validation 2019-01-08 14:31:51 -08:00
Jordan Liggitt
cd4f626f66 Move AppArmor feature-gate checking out of validation 2019-01-07 15:10:11 -05:00
Jordan Liggitt
12dd768bee Pass pod annotations into DropDisabledFields() 2019-01-07 14:44:20 -05:00
Zheng Dayu
020e54cce7 add unit test for RunAsGroup in both pod and podsecuritypolicy 2018-12-31 01:10:06 +08:00
Serguei Bezverkhi
5bf84db713 VolumeDevices validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-27 17:31:10 -05:00
Serguei Bezverkhi
4ad98db3c0 EmptyVolume SizeLimit validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-27 13:07:26 -05:00
Serguei Bezverkhi
587c5d7263 PodPriority validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-22 08:54:40 -05:00
Serguei Bezverkhi
1778d64a59 ProcMount validation and testing 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-20 14:43:52 -05:00
Serguei Bezverkhi
27a8967555 RuntimeClass validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-19 15:01:28 -05:00
Jordan Liggitt
de96583d8c drop subpath from pod spec when the feature is disabled and the old spec did not use subpaths 2018-12-18 10:21:22 -05:00
Jordan Liggitt
e486d486b1 Plumb old pod spec into DropDisabledFields methods 2018-12-17 12:49:29 -05:00
Jordan Liggitt
49028df5f9 Rename DropDisabledFields 2018-12-17 12:08:25 -05:00