github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
88,339 Commits 1 Branch 31 Tags
bcd975aa6575ae37ec3be3481e44cd0dccd02337
Commit Graph

38134 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
8ca96f3e07 Merge pull request #80724 from cceckman/provider-info-e2e 
Provide OIDC discovery for service account token issuer
 2020-02-13 01:38:35 -08:00
Kubernetes Prow Robot
177506d87c Merge pull request #87945 from andyzhangx/azure-writeaccelerator 
add azure disk WriteAccelerator support
 2020-02-12 21:37:24 -08:00
Kubernetes Prow Robot
f0c14f291f Merge pull request #87751 from skilxn-go/Rename 
[Scheduler Framework] Rename `PostFilter` plugin to `PreScore`
 2020-02-12 21:37:12 -08:00
Kubernetes Prow Robot
bd1042080f Merge pull request #81678 from verb/debug-list 
Add ephemeral containers to streamLocation name suggestions
 2020-02-12 21:36:35 -08:00
Kubernetes Prow Robot
e92ecdd7ee Merge pull request #88032 from davidz627/master 
Change migrated-to annoation key to follow best practices by removing beta
 2020-02-12 17:54:48 -08:00
Kubernetes Prow Robot
b9c57a1aa2 Merge pull request #87353 from aojea/kproxy_dual 
kube-proxy: validate dual-stack cidrs
 2020-02-12 17:54:35 -08:00
Kubernetes Prow Robot
f7eafa1a83 Merge pull request #86896 from yutedz/copy-into-err 
Return the error from copyInto
 2020-02-12 13:54:51 -08:00
David Zhu
81668cb887 Change migrated-to annoation key to follow best practices by removing beta and using 'pv' prefix 2020-02-12 10:33:08 -08:00
skilxn-go
f5b7e3cca3 Rename PostFilter plugin to PreScore 2020-02-12 23:25:08 +08:00
Lee Verberne
cc32702e8f Add ephemeral containers to streamLocation name suggestions 
This combines container names into a single list because separating them
into a long, variable length string isn't particularly useful in the
context of an streaming error message.
 2020-02-12 14:49:42 +01:00
Kubernetes Prow Robot
ed0d6ee3ce Merge pull request #85617 from andrewsykim/optimize-external-ips 
proxier: only get local addresses once per sync loop
 2020-02-12 02:22:51 -08:00
Kubernetes Prow Robot
c4df69d241 Merge pull request #88024 from notpad/weight 
Add RegisterPluginAsExtensionsWithWeight
 2020-02-11 23:16:20 -08:00
Kubernetes Prow Robot
92be16ce82 Merge pull request #88014 from andyzhangx/azure-csi-migration 
fix: add azure disk migration support on CSINode
 2020-02-11 23:16:09 -08:00
Kubernetes Prow Robot
17a6248f76 Merge pull request #87939 from shaloulcy/pod_storage_indexer 
add indexer for pod storage
 2020-02-11 23:15:22 -08:00
Kubernetes Prow Robot
fd0b34d69d Merge pull request #87911 from tedyu/rm-exp-backoff 
Remove the exponential backoff in NodeGetInfo
 2020-02-11 23:15:10 -08:00
Kubernetes Prow Robot
52fb02fdbe Merge pull request #87718 from wojtek-t/kubelet_not_watching_immutable_secret_configmaps 
WatchBasedManager stops  watching immutable objects
 2020-02-11 23:14:33 -08:00
Charles Eckman
5a176ac772 Provide OIDC discovery endpoints 
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>
 2020-02-11 16:23:31 -08:00
Andrew Sy Kim
1653476e3f proxier: use IPSet from k8s.io/utils/net to store local addresses 
This allows the proxier to cache local addresses instead of fetching all
local addresses every time in IsLocalIP.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:44:34 -05:00
Andrew Sy Kim
77feb1126e userspace proxy: get local addresses only once per sync loop 
This avoids fetching all local network interfaces everytime we sync an
external IP. For clusters with many external IPs this gets really
expensive. This change caches all local addresses once per sync.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
Andrew Sy Kim
126bf5a231 ipvs proxier: use util proxy methods for getting local addresses 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
Andrew Sy Kim
313c3b81e3 iptables proxier: get local addresses only once per sync loop 
This avoids fetching all local network interfaces everytime we sync an
external IP. For clusters with many external IPs this gets really
expensive. This change caches all local addresses once per sync.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
notpad
89066cceb9 Add RegisterPluginAsExtensionsWithWeight 2020-02-11 23:11:53 +08:00
Kubernetes Prow Robot
574acbe310 Merge pull request #87847 from notpad/feature/slow_path 
Cleanup "slow-path" logic in scheduler Filters
 2020-02-11 06:46:04 -08:00
andyzhangx
9cb7f54c0b fix: add azure disk migration support for CSINode 2020-02-11 11:39:55 +00:00
notpad
fb895056c6 Add test 2020-02-11 16:51:21 +08:00
shaloulcy
fe312ed74a add index for pod cacher 
Signed-off-by: shaloulcy <lcy041536@gmail.com>
 2020-02-11 09:25:27 +08:00
Kubernetes Prow Robot
db9123e50e Merge pull request #87936 from Huang-Wei/waitingPods-glitch 
Refine WaitingPod interface for scheduler Permit plugin
 2020-02-10 09:23:54 -08:00
notpad
a7057f8df0 Cleanup "slow-path" logic in scheduler Filters 2020-02-10 22:48:49 +08:00
Kubernetes Prow Robot
ac97b2d65e Merge pull request #83507 from lyft/support-resetting-cpuacct 
Prevent returning invalid usageNanoCores value when cpuacct is reset in a live container
 2020-02-09 08:45:53 -08:00
Kubernetes Prow Robot
652f52b51c Merge pull request #85637 from dims/cinder-migration-flag 
Flip CSIMigrationOpenStack flag to be beta and off by default
 2020-02-08 21:49:52 -08:00
Kubernetes Prow Robot
abe6321296 Merge pull request #87952 from mikedanese/opts 
add *Options to Create, Update, and Patch in generated clientsets
 2020-02-08 20:43:53 -08:00
Kubernetes Prow Robot
d09f8b9d54 Merge pull request #79409 from takmatsu/add-phase 
Modify Kubelet Pod Resources API to get only active pods
 2020-02-08 16:09:52 -08:00
Kubernetes Prow Robot
a280a967a5 Merge pull request #87853 from alculquicondor/fix/options_test 
Do lenient decoding only for kubescheduler.config.k8s.io/v1alpha1
 2020-02-08 14:46:21 -08:00
Kubernetes Prow Robot
0c6470115e Merge pull request #86578 from tnqn/except-validation 
Validate Except of IPBlock for NetworkPolicy spec
 2020-02-08 14:45:53 -08:00
Mike Danese
bfc75d9a5c manual fixes 2020-02-08 12:32:33 -05:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Kubernetes Prow Robot
dde6e8e746 Merge pull request #87858 from smarterclayton/different_type 
kubelet: Debug pod status output diff is wrong
 2020-02-08 06:44:06 -08:00
Kubernetes Prow Robot
334d788f08 Merge pull request #87299 from mikedanese/ctx 
context in client-go
 2020-02-08 06:43:52 -08:00
andyzhangx
657dedc3be add azure disk WriteAccelerator support 2020-02-08 07:43:21 +00:00
Kubernetes Prow Robot
b3ba969756 Merge pull request #87913 from cheftako/master 
Add code to fix kubelet/metrics memory issue.
 2020-02-07 21:51:53 -08:00
Kubernetes Prow Robot
6d4e2d722e Merge pull request #87381 from yuxiaobo96/k8s-staticcheck3 
staticcheck: pkg/volume/fc, pkg/volume/portworx and pkg/volume/vspher…
 2020-02-07 18:32:58 -08:00
Kubernetes Prow Robot
b61f89dd25 Merge pull request #85321 from MikeSpreitzer/apf-printers 
Added server-side printers for API priority and fairness
 2020-02-07 18:31:58 -08:00
Kubernetes Prow Robot
e1d6c0d095 Merge pull request #84620 from seans3/tablegenerator-test 
Adds initial unit tests for tablegenerator.go
 2020-02-07 18:31:45 -08:00
Mike Danese
2637772298 some manual fixes 2020-02-07 18:17:40 -08:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Wei Huang
b8e2b0d990 Refine WaitingPod interface 2020-02-07 16:32:48 -08:00
Kubernetes Prow Robot
9617322727 Merge pull request #87904 from alculquicondor/rm_v1alpha2_deprecated 
Remove deprecated fields from kubescheduler.config.k8s.io/v1alpha2
 2020-02-07 15:20:32 -08:00
Kubernetes Prow Robot
d8b325b534 Merge pull request #85856 from adelina-t/cpu_requests_fix_ctrd 
Fix Cpu Requests priority Windows.
 2020-02-07 15:19:58 -08:00
Walter Fender
9802bfcec0 Add code to fix kubelet/metrics memory issue. 
Bucketing url paths based on concept/handling.
Bucketing code placed by handling code to encourage usage.
Added unit tests.
Fix format.
 2020-02-07 15:12:24 -08:00
Aldo Culquicondor
2ffb13e822 Do lenient decoding only for kubescheduler config v1alpha1 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-02-07 15:41:00 -05:00