Patrick Ohly
85bfd26c17
CSIStorageCapacity: update rbac test data
...
This is the result of
UPDATE_BOOTSTRAP_POLICY_FIXTURE_DATA=true go test k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy
after enabling the CSIStorageCapacity feature. This enables
additional RBAC entries for reading CSIDriver and
CSIStorageCapacity.
2021-03-08 20:52:50 +01:00
Swetha Repakula
108fd44f7c
Graduate EndpointSlice feature gate to GA
2021-03-06 15:58:47 -08:00
Abdullah Gharaibeh
3c5f018f8e
Add CrossNamespacePodAffinity quota scope and PodAffinityTerm.NamespaceSelector APIs, and CrossNamespacePodAffinity quota scope implementation.
2021-03-03 22:52:43 -05:00
Kubernetes Prow Robot
5498ee641b
Merge pull request #99561 from BenTheElder/remove-bazel
...
Remove Bazel
2021-03-01 09:55:27 -08:00
Benjamin Elder
56e092e382
hack/update-bazel.sh
2021-02-28 15:17:29 -08:00
Jordan Liggitt
ec4d1b3821
Skip visiting empty secret and configmap names
2021-02-27 15:54:38 -05:00
Kubernetes Prow Robot
267e47f548
Merge pull request #99130 from ayberk/ebs_ga_labels
...
Use GA topology labels for EBS
2021-02-23 23:48:49 -08:00
Shihang Zhang
cbf6e38bbd
move RootCAConfigMap to ga
2021-02-22 15:59:27 -08:00
Kubernetes Prow Robot
031f2afbba
Merge pull request #98931 from michaelbeaumont/kubelet_well_known
...
Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis
2021-02-20 11:55:41 -08:00
Ayberk Yilmaz
339b8b450f
Use GA topoogy labels for EBS
2021-02-18 00:34:56 +00:00
Kubernetes Prow Robot
60a0740c95
Merge pull request #98678 from ahg-g/ahg-ttl-beta
...
Graduate TTLAfterFinished to beta
2021-02-09 15:10:59 -08:00
Michael Beaumont
a5a6762d33
Move pkg/kubelet/apis to k8s.io/kubelet/pkg/apis
2021-02-09 21:37:39 +01:00
Abdullah Gharaibeh
880bbdad23
Graduate TTLAfterFinished to beta
2021-02-07 17:23:14 -05:00
Kubernetes Prow Robot
34f138ff83
Merge pull request #97823 from Jiawei0227/translation-lib
...
Preparation for Topology migration to GA for CSI migration
2021-02-02 08:48:28 -08:00
Kubernetes Prow Robot
1119a505ac
Merge pull request #98669 from liggitt/denyexec
...
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
2021-02-02 06:52:28 -08:00
Jordan Liggitt
3579f88e4d
Remove deprecated DenyEscalatingExec / DenyExecOnPrivileged admission
2021-02-01 16:55:22 -05:00
Michael Taufen
6aa80d9172
Graduate ServiceAccountIssuerDiscovery to GA
...
Waiting on KEP updates first:
https://github.com/kubernetes/enhancements/pull/2363
2021-02-01 11:44:23 -08:00
Kubernetes Prow Robot
3667e0e9f7
Merge pull request #98147 from deads2k/system-masters-delete
...
add check to gc_admission to allow super users to skip RESTMapping
2021-01-28 17:52:02 -08:00
Kubernetes Prow Robot
24f13032b3
Merge pull request #97395 from thockin/externalips-admission
...
Add denyserviceexternalips admission (KEP 2200)
2021-01-28 12:33:11 -08:00
David Eads
ff6684d90f
add check to gc_admission to allow super users to skip RESTMapping
2021-01-27 16:53:33 -05:00
Jiawei Wang
67fed317a1
Prepare for Topology migration to GA from CSI migration
...
This also includes a change on CSI migration TranslateCSIToInTree
where we remove the CSI topology and add Kubernetes Topology to
the NodeAffinity
2021-01-20 10:49:58 -08:00
Kubernetes Prow Robot
1f0ef8e679
Merge pull request #97293 from roycaihw/storage-version/gc-rbac
...
add rbac rule for storage version garbage collector
2021-01-11 08:39:07 -08:00
Haowei Cai
83b30bc92f
generated
2021-01-08 11:39:41 -08:00
Haowei Cai
be172d6900
add rbac role for storage version GC
2021-01-08 11:39:08 -08:00
Tim Hockin
a8299079a5
Add denyserviceexternalips admission
2020-12-29 10:00:11 -08:00
Tim Hockin
02b77861ec
Move defaultingressclass admission to net subdir
2020-12-28 09:58:30 -08:00
ialidzhikov
bc432124a2
Remove CSINodeInfo feature gate
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2020-12-10 09:58:22 +02:00
Kubernetes Prow Robot
96efb71094
Merge pull request #97020 from mikedanese/errfix
...
hoist error message change in token registry to noderestriction
2020-12-08 21:06:42 -08:00
Mike Danese
84995167d6
hoist error message change in token registry to noderestriction
...
The token registry error message was changed in
5eefd7d012
to exclude some object details.
This error comes from noderestriction under some circumstances. Let's
make sure they match.
Change-Id: If9240f5c1a131d27dce389e2c6eca6c33d681f3b
2020-12-02 10:58:25 -08:00
pacoxu
dd3179ee93
AlwaysPullImages: ignore updates that don't change the images referenced by the pod spec
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
2020-12-01 06:59:57 +08:00
Sergey Kanzhelev
06da0e5e74
GA of RuntimeClass feature gate and API
2020-11-11 19:22:32 +00:00
Maciej Borsz
4d81f7e129
Improve observability of node authorizer:
...
* Adding some metrics to the graph
* Adding log message when node authorizer has synced
Change-Id: I3447d6bc389a0b82ded1db2a7a4ae41d79486c2b
2020-11-10 08:40:46 +01:00
Tim Hockin
819ff9b087
Use topology labels instead of old beta names ( #96033 )
...
* Rename const for topology.../zone
* Rename const for topology.../region
* Rename const for failure-domain.../zone
* Rename const for failure-domain.../region
* Restore old names for compat
2020-11-05 20:26:50 -08:00
Shihang Zhang
d40f0c43c4
separate RootCAConfigMap from BoundServiceAccountTokenVolume
2020-11-04 17:10:39 -08:00
Jan Chaloupka
a5920f7edb
Move helpers from pkg/registry/rbac/reconciliation and pkg/registry/rbac/validation under k8s.io/component-helpers
2020-11-02 17:51:16 +01:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook
...
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
2020-11-01 10:18:25 -05:00
Shihang Zhang
ff641f6eb2
mv TokenRequest and TokenRequestProjection to GA
2020-10-29 20:47:01 -07:00
cici37
95acec5a3b
Move client_builder to k8s.io/controller-manager
2020-10-19 14:48:22 -07:00
shuang zhang
f0ea54070b
Replace AreLabelsInWhiteList with isSubset
2020-10-05 22:07:47 +08:00
Kubernetes Prow Robot
ccfdc09f35
Merge pull request #91683 from tedyu/mirror-pod-owner-ref
...
Mirror pod without OwnerReference should not be created
2020-09-25 11:02:48 -07:00
Kubernetes Prow Robot
e7b9453972
Merge pull request #93537 from timuthy/enhancement.move-resourcequota
...
Move ResourceQuota admission to k8s.io/apiserver lib
2020-09-15 12:26:58 -07:00
David Eads
c0c033b12f
generated
2020-09-14 09:24:41 -04:00
David Eads
c7911a384c
remove pod presets
2020-09-14 09:24:40 -04:00
Michael Taufen
4f850f97de
Graduate ServiceAccountIssuerDiscovery to beta
2020-09-11 12:01:47 -07:00
Tim Usner
70d440bc7e
Move ResourceQuota admission to k8s.io/apiserver
2020-09-04 14:53:52 +02:00
Kubernetes Prow Robot
bb9ae50888
Merge pull request #93389 from fisherxu/return-err
...
Return err directly when nodename in node object is not consistent with in cert
2020-08-28 06:37:12 -07:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role
...
Add bootstrap policy for monitoring endpoints
2020-08-28 06:36:52 -07:00
Davanum Srinivas
3421199494
Sign up dims for additional review roles
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-08-08 19:08:38 -04:00
David Eads
7c25f39eb8
add permissions required by endpoints controller for blockOwnerDeletion
2020-07-28 13:13:38 -04:00
xufei 00416946
f787db2508
return err directly when nodename is not consistent in cert
2020-07-25 09:10:32 +08:00