Commit Graph

1508 Commits

Author SHA1 Message Date
Micah Hausler
b251efe0ad Enhance node admission to validate kubelet CSR's CN
Signed-off-by: Micah Hausler <mhausler@amazon.com>
2024-07-20 19:06:00 -05:00
Kubernetes Prow Robot
8f265b6305 Merge pull request #126136 from cici37/removeFG
Remove feature gate CustomResourceValidationExpressions
2024-07-20 00:08:52 -07:00
Jordan Liggitt
4d535db8be Add selector authorization to the Node authorizer 2024-07-19 15:06:51 -04:00
David Eads
92e3445e9d add field and label selectors to authorization attributes
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-07-19 15:06:47 -04:00
Kubernetes Prow Robot
fa7fcde5a4 Merge pull request #125813 from aojea/node_csr_ips
Node Request Certificates require to have IPs
2024-07-18 14:50:48 -07:00
Kubernetes Prow Robot
595927da21 Merge pull request #125660 from saschagrunert/oci-volumesource-api
[KEP-4639] Add `ImageVolumeSource` API
2024-07-18 10:39:15 -07:00
Sascha Grunert
f7ca3131e0 Add ImageVolumeSource API
Adding the required Kubernetes API so that the kubelet can start using
it. This patch also adds the corresponding alpha feature gate as
outlined in KEP 4639.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2024-07-18 17:25:54 +02:00
Antonio Ojea
bc63c412b9 kubelet request certificates if at least one IP exist
A Kubernetes Node is required to have at minimum one IP address
because those are used on the Pods field HostIPs and in some cases,
when pods use hostNetwork: true, as PodIPs.
Nodes that use IP addresses as Hostname are interpreted as an IP
address, so it is possible that there are nodes that don't have any DNSname.

The feature gate AllowDNSOnlyNodeCSR will allow users to opt in to
the old behavior.

Change-Id: I094531d87246f1e7a5ef4fe57bd5d9840cb1375d
2024-07-18 09:44:48 +00:00
Lukasz Szaszkiewicz
88f47b4b4d Revert "kube-apiserver: promote WatchList feature to beta"
This reverts commit 0b15903b35.
2024-07-18 09:29:24 +02:00
Kubernetes Prow Robot
c3bcd4fff0 Merge pull request #126139 from enj/enj/i/revert_list_cache
Revert "Move ConsistentListFromCache to Beta default"
2024-07-17 09:59:14 -07:00
Kubernetes Prow Robot
a8110d7174 Merge pull request #125259 from sohankunkerkar/bump-proc-mount-beta
[KEP-4265] promote ProcMountType feature gate to beta
2024-07-17 09:59:07 -07:00
Monis Khan
aeb51a16e3 Revert "Move ConsistentListFromCache to Beta default"
This reverts commit 0c0e19b343.

During stress test for SVM controller, the controller is unable to
make a list call due to following error:

resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"

With the feature disabled, the stress test passes.

Signed-off-by: Monis Khan <mok@microsoft.com>
2024-07-16 23:12:16 -04:00
Cici Huang
67a171a142 Remove feature gate CustomResourceValidationExpressions. 2024-07-16 10:39:00 -07:00
Kubernetes Prow Robot
e785ef8d21 Merge pull request #125828 from haircommander/4033-beta
KEP-4033: fulfill beta criteria
2024-07-15 14:15:10 -07:00
Michal Wozniak
f1233ac5e0 JobPodFailurePolicy to GA
# Conflicts:
#	pkg/controller/job/job_controller_test.go
2024-07-12 17:21:32 +02:00
Kubernetes Prow Robot
1080554307 Merge pull request #124969 from RomanBednar/pv-phase-transition-time-ga
graduate PersistentVolumeLastPhaseTransitionTime to GA in 1.31
2024-07-11 15:29:19 -07:00
Kubernetes Prow Robot
cdcaea687c Merge pull request #125751 from ahg-g/elastic-job
Graduate ElasticIndexedJob to GA
2024-07-11 11:08:24 -07:00
Kubernetes Prow Robot
4a214f6ad9 Merge pull request #125461 from mimowo/pod-disruption-conditions-ga
Graduate PodDisruptionConditions to stable
2024-07-09 11:08:13 -07:00
Kubernetes Prow Robot
0a59545f4d Merge pull request #125838 from gauravkghildiyal/kep-4444-beta
Promote ServiceTrafficDistribution feature-gate to beta and enable by default. Also add missing integration tests.
2024-07-04 17:20:08 -07:00
Abu Kashem
ae647032a7 apiserver: remove feature gate APIPriorityAndFairness 2024-07-02 13:00:43 -04:00
Gaurav Ghildiyal
233010f2fa Change ServiceTrafficDistribution feature-gate to beta and enable by default. 2024-07-01 23:55:39 -07:00
Kubernetes Prow Robot
7e1a5a0ea8 Merge pull request #125687 from bart0sh/PR146-DevicePluginCDIDevices-LockToDefault
kube_features: DevicePluginCDIDevices: LockToDefault
2024-07-01 17:07:41 -07:00
Kubernetes Prow Robot
79fee524e6 Merge pull request #125483 from wojtek-t/storage_readiness_hook
Implement resilient watchcache initialization post-start-hook
2024-07-01 13:48:29 -07:00
Peter Hunt
1816cc7388 KEP-4033: bump to beta
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2024-07-01 15:22:15 -04:00
Wojciech Tyczyński
a5772bd425 Implement resilient watchcache initialization post-start-hook 2024-07-01 12:54:57 +02:00
Kubernetes Prow Robot
d729af9446 Merge pull request #125591 from p0lyn0mial/upstream-promote-watch-list-to-beta
Promote WatchList feature to Beta
2024-07-01 02:31:14 -07:00
ahg-g
be410c0dae Graduate ElasticIndexedJob to GA 2024-06-28 17:00:29 +00:00
Michal Wozniak
bf0c9885a4 Graduate PodDisruptionConditions to stable 2024-06-28 16:36:51 +02:00
Antonio Ojea
7a14b94205 promote feature gate MultiCIDRServiceAllocator to beta disabled by default 2024-06-28 10:38:37 +00:00
Kubernetes Prow Robot
d40676c227 Merge pull request #122047 from aojea/treeless
KEP-1880 Multiple Service CIDRs: Graduate to Beta (1/2)
2024-06-28 01:00:20 -07:00
Kubernetes Prow Robot
522e2e5066 Merge pull request #124917 from vinayakankugoyal/kep4633
KEP-4633: Only allow anonymous auth for configured endpoints.
2024-06-27 20:39:51 -07:00
Vinayak Goyal
5e6a4937f5 KEP-4633: Allow health-only anonymous auth mode.
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
2024-06-28 00:30:05 +00:00
Antonio Ojea
9b1bad431b implement dual write on Service ClusterIP allocator
MultiCIDRServiceAllocator implements a new ClusterIP allocator based on
IPAddress object to solve the problems and limitations caused by
existing bitmap allocators.

However, during the rollout of new versions, deployments need to support
a skew of one version between kube-apiservers. To avoid the possible
problem where there are multiple Services requests on the skewed
apiservers and that both allocate the same IP to different Services,
the new allocator will implement a dual-write strategy under the
feature gate DisableAllocatorDualWrite.

After the MultiCIDRServiceAllocator is GA, the DisableAllocatorDualWrite
can be enabled safely as all apiservers will run with the new
allocators. The graduation of DisableAllocatorDualWrite can also
be used to clean up the opaque API object that contains the old bitmaps.

If MultiCIDRServiceAllocator is enabled and DisableAllocatorDualWrite is disabled
and it is a new environment, there is no bitmap object created, hence, the
apiserver will initialize it to be able to write on it.
2024-06-27 11:33:36 +00:00
Lukasz Szaszkiewicz
0b15903b35 kube-apiserver: promote WatchList feature to beta 2024-06-27 08:49:59 +02:00
Kubernetes Prow Robot
cd19796316 Merge pull request #125475 from AkihiroSuda/rro
KEP-3857: promote RecursiveReadOnlyMounts feature to beta
2024-06-26 14:13:39 -07:00
Kubernetes Prow Robot
fb0195df11 Merge pull request #123428 from atiratree/UnhealthyPodEvictionPolicy-GA
promote PDBUnhealthyPodEvictionPolicy to GA
2024-06-25 21:56:20 -07:00
Siyuan Zhang
403301bfdf apiserver: Add API emulation versioning.
Co-authored-by: Siyuan Zhang <sizhang@google.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Alex Zielenski <zielenski@google.com>

Signed-off-by: Siyuan Zhang <sizhang@google.com>
2024-06-25 22:12:11 +00:00
Kubernetes Prow Robot
9d9b6fb876 Merge pull request #125261 from bart0sh/PR145-DevicePluginCDIDevices-update-GA-milestone
features: update milestone for DevicePluginCDIDevices
2024-06-25 08:25:59 -07:00
Ed Bartosh
f53991d111 kube_features: DevicePluginCDIDevices: LockToDefault 2024-06-25 16:14:48 +03:00
Filip Křepinský
68d34580e0 promote PDBUnhealthyPodEvictionPolicy to GA 2024-06-21 16:13:53 +02:00
Marek Siarkowicz
0c0e19b343 Move ConsistentListFromCache to Beta default 2024-06-20 10:56:51 +02:00
Kubernetes Prow Robot
b3db54ea72 Merge pull request #125016 from carlory/promote-portworx-csi-migration-default-on
Enables the Portworx in-tree driver to Portworx migration feature by default
2024-06-19 13:26:48 -07:00
Kubernetes Prow Robot
aeed1d0e1a Merge pull request #124842 from carlory/honor-pv-reclaim-policy-e2e
Promote HonorPVReclaimPolicy to beta and enable it by default
2024-06-19 13:26:41 -07:00
carlory
4058178b8c Promote HonorPVReclaimPolicy to beta and enable it by default 2024-06-19 13:51:37 +08:00
Kubernetes Prow Robot
f70115206b Merge pull request #125082 from alexanderConstantinescu/kep-3836-v131
KEP 3836 - v1.31 update [promote to GA]
2024-06-18 17:12:52 -07:00
Kubernetes Prow Robot
2c1aa2bfec Merge pull request #125459 from MinpengJin/master
Promote LogarithmicScaleDown to GA
2024-06-17 20:21:40 -07:00
Sean Sullivan
3ae3b4ea55 Graduate PortForwardWebsockets to Beta 2024-06-15 16:09:23 -07:00
Akihiro Suda
ede79b0470 KEP-3857: promote RecursiveReadOnlyMounts feature to beta
KEP: https://kep.k8s.io/3857

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-06-13 08:58:03 +09:00
Kubernetes Prow Robot
7943c17867 Merge pull request #124329 from chrishenzie/remove-readwriteoncepod-feature-gate
Remove ReadWriteOncePod feature gate
2024-06-12 15:51:23 -07:00
Alexander Constantinescu
d1d7ce4d78 KEP 3836 - v1.31 update [promote to GA] 2024-06-11 16:42:57 +02:00