Sascha Grunert
af1f6a230b
Make seccomp annotations non-functional
...
This cleanup has been planned to finish the corresponding KEP:
https://github.com/kubernetes/kubernetes/issues/91286
As a follow-up to the partial removal of the seccomp annotations in
https://github.com/kubernetes/kubernetes/pull/109819, we now drop
the version skew handling completely, but still warn as well as keep
the validation in place if both (annotation and field) are set.
The Pod Security Admission code has already been changed in
https://github.com/kubernetes/kubernetes/pull/114846.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2023-01-12 17:11:52 +01:00
Paco Xu
99d402e58f
remove psp api utils
2023-01-06 17:07:02 +08:00
Paco Xu
25686a2c77
remove psp in extensions api/apis
2023-01-06 17:07:02 +08:00
Antonio Ojea
1b804fc87c
Services API: warnings
...
The Services API should warn users about some IP address
representations, mainly because some of them are not allowed
by the golang std parsers since go 1.17
Specifically:
- IPv4 addresses with leading zeros, that may cause security risks
- IPv6 addresses in non-canonical format, that may cause problems
with controllers hotlooping or cause security issues
Change-Id: Ife50a651d1b22dc4c318e42bd3e5f2e5f88ecbcd
2022-12-16 11:54:05 +00:00
Kubernetes Prow Robot
cb03415326
Merge pull request #111802 from maaoBit/fix-labelSelectorValidate-missing
...
Validate labelSelector in topologySpreadConstraints
2022-12-12 18:47:44 -08:00
Kubernetes Prow Robot
923ee203f3
Merge pull request #110991 from thockin/svc-typenames-starTrafficPolicyType
...
Svc typenames star traffic policy type
2022-12-12 18:47:33 -08:00
Tim Hockin
dd0a50336e
ServiceInternalTrafficPolicyType: s/Type//
...
Rename ServiceInternalTrafficPolicyType => ServiceInternalTrafficPolicy
2022-12-11 13:48:31 -08:00
Tim Hockin
d0e2b06850
ServiceExternalTrafficPolicyType: s/Type//
...
Rename ServiceExternalTrafficPolicyType => ServiceExternalTrafficPolicy
2022-12-11 13:48:27 -08:00
maao
a796707396
Validate labelSelector in topologySpreadConstraints
...
Signed-off-by: maao <maao420691301@gmail.com>
2022-11-28 09:46:46 +08:00
TommyStarK
43726e8403
pkg/api/persistentvolume: Improving test coverage.
...
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2022-11-21 17:18:24 +01:00
Patrick Ohly
5cca60f0b8
api: dynamic resource allocation API
...
This adds a new resource.k8s.io API group with v1alpha1 as version. It contains
four new types: resource.ResourceClaim, resource.ResourceClass, resource.ResourceClaimTemplate, and
resource.PodScheduling.
2022-11-10 20:08:24 +01:00
Patrick Ohly
7d11b422e3
api: add resource claims to core API
...
The resource.k8s.io/ClaimTemplate only gets referenced by name, therefore the
changes to the core API are limited.
2022-11-10 20:08:24 +01:00
Takafumi Takahashi
87c1ca88d4
Add API and validation for CrossNamespaceVolumeDataSource
2022-11-09 20:58:25 +00:00
Abu Kashem
ca949d5188
apiserver: set borrowing defaults for flowcontrol API
2022-11-08 13:22:59 -08:00
Jordan Liggitt
fc69084bf1
Update workload selector validation
2022-11-07 20:52:02 -05:00
Manjusaka
0843c4dfca
Add extra value validation for matchExpression field in LabelSelector
2022-11-07 20:48:21 -05:00
Kubernetes Prow Robot
595ea32411
Merge pull request #113314 from cici37/celIntegration
...
CEL validation in Admission chain
2022-11-07 17:08:33 -08:00
Cici Huang
0486e06261
Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control
2022-11-07 20:51:51 +00:00
Wei Huang
7b6293b6b6
APIs, Validation and condition enforcements
...
- New API field .spec.schedulingGates
- Validation and drop disabled fields
- Disallow binding a Pod carrying non-nil schedulingGates
- Disallow creating a Pod with non-nil nodeName and non-nil schedulingGates
- Adds a {type:PodScheduled, reason:WaitingForGates} condition if necessary
- New literal SchedulingGated in the STATUS column of `k get pod`
2022-11-03 14:32:34 -07:00
Mark Rossetti
498d065cc5
Promoting WindowsHostProcessContainers to stable
...
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-11-01 14:06:25 -07:00
Paco Xu
140502af8c
add warning for PVC template in statefulset and in pod ephemeral volume source
2022-10-22 09:14:03 +08:00
Paco Xu
ca94a89414
pvc warning for storage request: add unit test
2022-10-21 16:56:41 +08:00
Paco Xu
0b848bee4e
pvc storage request warning for fractional byte value
...
- create or update
2022-10-21 16:15:55 +08:00
Dipankar Das
54ddcdce21
Code Refactoring of Pod under pkg/api ( #112085 )
...
* Code Refactoring
- added some function comments
- spelling errors
Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
* Some typo fix in resource under pkg/api/v1
Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
* Grammar corrections in api/v1/pod
Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
* Function description changes in pkg/api/v1
- pod
- resource
Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
2022-09-26 09:20:08 -07:00
Sergey Kanzhelev
ad7199a9da
remove podOverhead feature gate as a feature is now GA since 1.24
2022-09-19 19:25:16 +00:00
Jonathan Dobson
5f774832a5
Move CSIInlineVolume feature to GA
2022-08-04 13:06:30 -06:00
Kubernetes Prow Robot
442574f3a7
Merge pull request #111513 from jingxu97/july/localstorage
...
Promote Local storage capacity isolation feature to GA
2022-08-03 13:05:59 -07:00
Rodrigo Campos
cf8164bccf
apis: add validation for HostUsers
...
This commit just adds a validation according to KEP-127. We check that
only the supported volumes for phase 1 of the KEP are accepted.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2022-08-03 19:53:22 +02:00
jinxu
0064010cdd
Promote Local storage capacity isolation feature to GA
...
This change is to promote the local storage capacity isolation feature to GA.
At the same time, to allow rootless systems to disable this feature due to
being unable to get the root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, the user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.
Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
2022-08-02 23:45:48 -07:00
Kubernetes Prow Robot
9ef16e7908
Merge pull request #108554 from pacoxu/bad-input-1
...
add deprecated warning for node beta labels in pv/sc/rc/csi storage capacity
2022-08-02 10:23:44 -07:00
Sascha Grunert
584783ee9f
Partly remove support for seccomp annotations
...
We now partly drop the support for seccomp annotations which is planned
for v1.25 as part of the KEP:
https://github.com/kubernetes/enhancements/issues/135
Pod security policies are not touched by this change and therefore we
have to keep the annotation key constants.
This means we only allow the usage of the annotations for backwards
compatibility reasons while the synchronization of the field to
annotation is no longer supported. Using the annotations for static pods
is also not supported any more.
Making the annotations fully non-functional will be deferred to a
future release.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-08-01 09:19:29 +02:00
Kubernetes Prow Robot
3dc51872f0
Merge pull request #111485 from humblec/glusterfs-deprecation
...
deprecate GlusterFS plugin from available in-tree drivers.
2022-07-31 19:26:27 -07:00
Kubernetes Prow Robot
3902a53419
Merge pull request #111441 from denkensk/respect-topology
...
Respect PodTopologySpread after rolling upgrades
2022-07-30 01:40:42 -07:00
Alex Wang
e6c2bf8516
api definition for MatchLabelKeys in TopologySpreadConstraint
...
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
2022-07-30 13:21:16 +08:00
Humble Chirammal
e675bfee59
deprecate GlusterFS plugin from available in-tree drivers.
...
GlusterFS is one of the first dynamic provisioners which made it into
Kubernetes release v1.4.
https://github.com/kubernetes/kubernetes/pull/30888
When CSI plugins/drivers started to appear, glusterfs' CSI driver
came into existence, however this project is not maintained at
present and the last release happened a few years back.
https://github.com/gluster/gluster-csi-driver/releases/tag/v0.0.9
The possibility of migration to a compatible CSI driver was also
discussed https://github.com/kubernetes/kubernetes/issues/100897
and the consensus was to start the deprecation in v1.25.
This commit starts the deprecation process of the glusterfs plugin from
in-tree drivers.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-07-29 12:18:48 +05:30
Lee Verberne
d238e67ba6
Remove EphemeralContainers feature-gate checks
2022-07-26 02:55:30 +02:00
Ravi Gudimetla
b79ebb8165
Promote PodOS field to GA
2022-07-18 23:27:58 -04:00
Kubernetes Prow Robot
b3057e7ccc
Merge pull request #106834 from mengjiao-liu/sysctl-allow-slashes
...
Add support for slash as sysctl separator to Pod securityContext field and to PodSecurityPolicy
2022-07-15 01:04:24 -07:00
Kubernetes Prow Robot
1d7829a964
Merge pull request #110975 from 0xff-dev/cleanup-unused-func
...
clean up unused function 'GetServiceHealthCheckPathPort'
2022-07-08 18:03:57 -07:00
Tim Hockin
55232e2ef7
Rename IPFamilyPolicyType => IPFamilyPolicy
2022-07-06 15:42:26 -07:00
0xff-dev
729bd22e24
clean up unused function 'GetServiceHealthCheckPathPort'
2022-07-06 16:15:14 +08:00
21kyu
df168d5b5c
Change reflect.Ptr to reflect.Pointer
2022-06-26 01:23:43 +09:00
Mengjiao Liu
20bb84b3f1
Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator
2022-06-22 10:24:35 +08:00
David Porter
7811d84fef
kubelet: Mark ready condition as false explicitly for terminal pods
...
Terminal pods may continue to report a ready condition of true because
there is a delay in reconciling the ready condition of the containers
from the runtime with the pod status. It should be invalid for kubelet
to report a terminal phase with a true ready condition. To fix the
issue, explicitly override the ready condition to false for terminal
pods during status updates.
Signed-off-by: David Porter <david@porter.me>
2022-06-08 16:19:16 -07:00
Davanum Srinivas
50bea1dad8
Move from k8s.gcr.io to registry.k8s.io
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-05-31 10:16:53 -04:00
Antonio Ojea
d16d23e0c7
add pod util to verify pod is terminal
...
pods on phase succeeded or failed are guaranteed to have all containers
stopped and to not ever regress
2022-05-27 06:42:39 +02:00
Paco Xu
234c33e8b8
deprecated node labels: make naming consistent and remove some unused args in funcs
2022-05-25 15:15:34 +08:00
kerthcet
02f0a3ee91
feat: add NodeInclusionPolicy to TopologySpreadConstraint in PodSpec
...
Signed-off-by: kerthcet <kerthcet@gmail.com>
2022-05-10 12:54:49 +08:00
Paco Xu
db147b7d67
(ut) add tests for bad field values checking; refactor some funcs
2022-05-09 16:17:32 +08:00
Daniel Smith
331525670b
Remove ClusterName
2022-05-05 20:12:50 +00:00