github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
124,346 Commits 1 Branch 31 Tags
b8045f98a41f32051a167091eddd3a2d802608a2
Commit Graph

21354 Commits

Author SHA1 Message Date
Jefftree
cd69335542 informers: add comment that Start does not block 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-27 18:23:51 +02:00
Dr. Stefan Schimanski
c7a1fa432a Call non-blocking informerFactory.Start synchronously to avoid races 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-27 18:13:09 +02:00
Feilian Xie
ebdca53805 [sample-apiserver] Fix: Use Correct Effective Version for kube (#125941) 
* Fix slice copy of VersionedSpecs in FeatureGate.

Signed-off-by: Siyuan Zhang <sizhang@google.com>

* Update wardle to kube version mapping

Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Feilian Xie <fxie@redhat.com>
Co-authored-by: Feilian Xie <fxie@redhat.com>

* Add cap to wardleEmulationVersionToKubeEmulationVersion.

Signed-off-by: Siyuan Zhang <sizhang@google.com>

* Add integration test for default BanFlunder behavior in version 1.2 without Wardle feature gate.

Signed-off-by: Siyuan Zhang <sizhang@google.com>

---------

Signed-off-by: Siyuan Zhang <sizhang@google.com>
Signed-off-by: Feilian Xie <fxie@redhat.com>
Co-authored-by: Siyuan Zhang <sizhang@google.com>
 2024-07-26 12:03:52 -07:00
Kubernetes Prow Robot
3a8a60eba2 Merge pull request #126240 from bzsuni/bz/etcd/update/v3.5.15 
Update etcd to v3.5.15
 2024-07-26 04:58:05 -07:00
Kubernetes Prow Robot
5f5c02da51 Merge pull request #124012 from Jefftree/le-controller 
Coordinated Leader Election
 2024-07-25 13:05:53 -07:00
Sebastiaan van Stijn
aeb607443d revendor dependencies 
I was workinng on updating a dependency, and noticed that running
hack/update-vendor.sh resulted in a diff. Comitting the result
as a PR.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-07-25 10:39:12 -04:00
bzsuni
4ad2cd9299 Update etcd from v3.5.14 to v3.5.15 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-07-25 10:48:34 +08:00
Jefftree
919e7abe0f update codegen and openapi 2024-07-24 14:41:13 +00:00
Jefftree
0c774d0b1f Change PingTime to be persistent 2024-07-24 14:41:13 +00:00
Jefftree
e1ea24a171 fix ordering issue in candidates 2024-07-24 14:38:13 +00:00
Jefftree
42678f1553 regen clients 2024-07-24 14:38:12 +00:00
Jefftree
fac7581640 feedback: leasecandidate clients 2024-07-24 14:38:12 +00:00
Dr. Stefan Schimanski
68226b0501 Review feedback 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-24 14:38:12 +00:00
Jefftree
c47ff1e1a9 CLE controller and client changes 2024-07-24 14:38:11 +00:00
Jefftree
9b16b0dc97 CLE feature gate 2024-07-24 14:38:11 +00:00
Jefftree
3999b98c88 Coordinated Leader Election Alpha API 2024-07-24 14:38:10 +00:00
Kubernetes Prow Robot
5af1710d90 Merge pull request #126243 from SergeyKanzhelev/devicePluginFailures 
Implement resource health in pod status (KEP 4680)
 2024-07-23 20:12:24 -07:00
Kubernetes Prow Robot
49ff255074 Merge pull request #126308 from cici37/hotFix 
Update with stdlib errors
 2024-07-23 18:02:07 -07:00
Sergey Kanzhelev
2253b53b58 generated files 2024-07-24 00:29:35 +00:00
Sergey Kanzhelev
16e8911fdc add AllocatedResourcesStatus field to ContainerStatus 2024-07-24 00:29:34 +00:00
Cici Huang
a48a92c72e Allowing direct CEL reserved keyword usage in CRD (#126188) 
* automatically escape reserved keywords for direct usage

* Add reserved keyword support in a ratcheting way, add tests.

---------

Co-authored-by: Wenxue Zhao <ballista01@outlook.com>
 2024-07-23 15:45:20 -07:00
Kubernetes Prow Robot
f93fe412c7 Merge pull request #126281 from saschagrunert/oci-volume-docs 
[KEP-4639] Mention that `fsGroupChangePolicy` has no effect
 2024-07-23 14:40:14 -07:00
cici37
ac2c450da7 Update with stdlib errors 2024-07-23 21:16:53 +00:00
Kubernetes Prow Robot
c2fdeca4ab Merge pull request #126145 from carlory/kep-3751-api 
[KEP-3751] Promote VolumeAttributesClass to beta
 2024-07-23 13:31:05 -07:00
Kubernetes Prow Robot
107f621462 Merge pull request #126108 from gnufied/changes-volume-recovery 
Reduce state changes when expansion fails and mark certain failures as infeasible
 2024-07-23 13:30:56 -07:00
Kubernetes Prow Robot
c01bc31fa2 Merge pull request #126163 from haircommander/procMount-baseline 
PSA: allow procMount type Unmasked in baseline
 2024-07-23 12:21:20 -07:00
Kubernetes Prow Robot
04d2f33641 Merge pull request #124061 from Jefftree/conversion-webhook-invalidca 
Validate CABundle when writing CRD
 2024-07-23 12:20:53 -07:00
Kubernetes Prow Robot
05bb5f71f8 Merge pull request #120611 from pohly/dra-resource-quotas 
DRA: resource quotas
 2024-07-23 12:20:44 -07:00
Kubernetes Prow Robot
a00181d4d4 Merge pull request #121902 from carlory/kep-3751-pv-controller 
[kep-3751] pvc bind pv with vac
 2024-07-23 11:02:13 -07:00
Patrick Ohly
299ecde5cc DRA quota: add ResourceClaim v1.ResourceQuota limits 
Dynamic resource allocation is similar to storage in the sense that users
create ResourceClaim objects to request resources, same as with persistent
volume claims. The actual resource usage is only known when allocating claims,
but some limits can already be enforced at admission time:

- "count/resourceclaims.resource.k8s.io" limits the number of ResourceClaim objects in
  a namespace; this is a generic feature that is already supported also without
  this commit.

- "resourceclaims" is *not* an alias - use "count/resourceclaims.resource.k8s.io"
  instead.

- <device-class-name>.deviceclass.resource.k8s.io/devices limits the number of
  ResourceClaim objects in a namespace such that the number of devices
  requested through those objects with that class does not exceed the limit.

A single request may cause the allocation of multiple devices. For exact
counts, the quota limit is based on the sum of those exact counts. For requests
asking for "all" matching devices, the maximum number of allocated devices per
claim is used as a worst-case upper bound.

Requests asking for "admin access" contribute to the quota.

DRA quota: remove admin mode exception
 2024-07-23 18:52:34 +02:00
Kubernetes Prow Robot
8e175c688e Merge pull request #126165 from haircommander/selinux-engine_t 
PSA: allow container_engine_t selinux type
 2024-07-23 09:21:20 -07:00
Kubernetes Prow Robot
fbdfb9d8d9 Merge pull request #126031 from harche/kubelet_cgroupv1_arg 
KEP-4569: Kubelet option to disable cgroup v1 support
 2024-07-23 09:21:11 -07:00
Peter Hunt
7e750a62a1 PSA: small cleanups for tests that use RelaxPolicyForUserNamespacePods 
make sure to cleanup after setting RelaxPolicyForUserNamespacePods
setup test variables to be a little more terse and similar between tests
cleanup Allowed checking

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-07-23 12:01:06 -04:00
Peter Hunt
17521f04a4 PSA: allow procMount type Unmasked in baseline 
a masked proc mount has traditionally been used to prevent untrusted containers from accessing leaky kernel APIs.
However, within a user namespace, typical ID checks protect better than masked proc. Further, allowing unmasked proc
with a user namespace gives access to a container mounting sub procs, which opens avenues for container-in-container use cases.

Update PSS for baseline to allow a container to access an unmasked /proc, if it's in a user namespace and if the UserNamespacesPodSecurityStandards feature is enabled.

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-07-23 12:01:06 -04:00
Kubernetes Prow Robot
fc03f3e74c Merge pull request #126125 from mprahl/stop-idempotent 
Allow calling Stop multiple times on RetryWatcher
 2024-07-23 08:16:24 -07:00
Kubernetes Prow Robot
1854839ff0 Merge pull request #126067 from tenzen-y/implement-job-success-policy-e2e 
Graduate the JobSuccessPolicy to Beta
 2024-07-23 06:14:23 -07:00
Kubernetes Prow Robot
bb350f7111 Merge pull request #125661 from mjudeikis/mjudeikis/poststarthookctx.stopch.cleanup 
Clean deprecated context.StopCh
 2024-07-23 02:12:22 -07:00
Sascha Grunert
479a7c34fe ImageVolumeSource: mention that fsGroupChangePolicy has no effect 
A small documentation follow-up based on the review:
https://github.com/kubernetes/kubernetes/pull/125660#discussion_r1686859866

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-23 10:15:18 +02:00
carlory
3a6a4830df pvc bind pv with vac 2024-07-23 15:04:11 +08:00
carlory
0260c7d023 Promote VolumeAttributesClass to beta 2024-07-23 13:58:14 +08:00
Cici Huang
5420b2fe9a Hot fix for panic on schema conversion. (#126167) 2024-07-22 19:43:45 -07:00
Yuki Iwai
551931c6a8 Graduate the JobSuccessPolicy to beta 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-07-23 09:29:06 +09:00
Kubernetes Prow Robot
04cc0a1034 Merge pull request #126187 from seans3/portforward-websockets-metrics 
Adds metrics to PortForward Websockets
 2024-07-22 16:53:25 -07:00
Kubernetes Prow Robot
f753a444a5 Merge pull request #126091 from seans3/ws-err-extra-info 
Adds extra error information from response to bad handshake error when possible
 2024-07-22 16:53:16 -07:00
Kubernetes Prow Robot
6e52e705d0 Merge pull request #125374 from pwschuurman/kep-3335-stable 
Promote StatefulSetStartOrdinal to stable in 1.31
 2024-07-22 14:25:49 -07:00
Sean Sullivan
f387f0b69a Adds extra error information from response to bad handshake error when possible 2024-07-22 14:12:01 -07:00
Sean Sullivan
90d70ed73d Adds metrics to PortForward Websockets 2024-07-22 14:08:42 -07:00
Kubernetes Prow Robot
d21b17264e Merge pull request #125488 from pohly/dra-1.31 
DRA for 1.31
 2024-07-22 11:45:55 -07:00
Kubernetes Prow Robot
887def08b6 Merge pull request #126237 from cici37/promoteMetrics 
Promote metrics for VAP and CRD validation rules to beta.
 2024-07-22 10:17:49 -07:00
Kubernetes Prow Robot
0caeba5cbe Merge pull request #126204 from vrutkovs/unsafeRecordQueried-atomicPointer 
feature_gate: avoid extra copy when queried feature is already stored, use Set instead of map
 2024-07-22 09:09:42 -07:00