github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
81,302 Commits 1 Branch 31 Tags 1,019 MiB
c64d6a39aa
Commit Graph

2869 Commits

Author SHA1 Message Date
Kirill Shirinkin
5e9da75df2 Allow aggregate-to-view roles to get jobs status (#77866) 
* Allow aggregate-to-edit roles to get jobs status

Right now users/accounts with role `admin` or `edit` can create, update and delete jobs, but are not allowed to pull the status of a job that they create.  This change extends `aggregate-to-edit` rules to include `jobs/status`.

* Move jobs/status to aggregate-to-view rules

* Add aggregate-to-view policy to view PVCs status

* Update fixtures to include new read permissions

* Add more status subresources

* Update cluster-roles.yaml

* Re-order deployment permissions

* Run go fmt

* Add more permissions

* Fix tests

* Re-order permissions in test data

* Automatically update yamls
 2019-07-26 11:59:22 -07:00
Kubernetes Prow Robot
ab3bf7237d
Merge pull request #79565 from tedyu/runtime-cls 
Return the error from validateOverhead in RuntimeClass#Validate
 2019-07-19 12:37:24 -07:00
draveness
d83526d253 Revert "feat: cleanup pod critical pod annotations feature" 
This reverts commit b6d41ee5cc.
 2019-07-18 13:31:12 +08:00
Kubernetes Prow Robot
642a06e552
Merge pull request #79554 from draveness/feature/remove-critical-pod-annotation 
feat: cleanup pod critical pod annotations feature
 2019-07-11 22:03:04 -07:00
Kubernetes Prow Robot
2659b3755a
Merge pull request #80030 from yastij/bootstrap-policy 
add rbac for events.k8s.io apiGroup to system:kube-scheduler
 2019-07-11 11:25:20 -07:00
Yassine TIJANI
a024d48eba add rbac for events.k8s.io apiGroup to system:kube-scheduler 
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
 2019-07-11 16:10:32 +02:00
Kubernetes Prow Robot
d11eb67c02
Merge pull request #79621 from egernst/admission-fixups 
RuntimeClass-admission: fixup comment, simplify nested ifs
 2019-07-11 05:36:55 -07:00
Jordan Liggitt
2899abb65c Populate API version in synthetic authorization requests 2019-07-10 21:29:25 -04:00
draveness
b6d41ee5cc feat: cleanup pod critical pod annotations feature 2019-07-11 08:54:19 +08:00
Ted Yu
059243fbd2 Return the error from validateOverhead in RuntimeClass#Validate 2019-07-10 17:32:53 -07:00
Eric Ernst
d409619284 RuntimeClass-admission: fixup comment, simplify nested ifs 
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-07-02 10:49:49 -07:00
Kubernetes Prow Robot
64a2be8e44
Merge pull request #79387 from tedyu/cont-helper-early 
Restore early return for podSpecHasContainer
 2019-07-01 15:09:45 -07:00
Kubernetes Prow Robot
6a2d0f67d1
Merge pull request #79527 from wojtek-t/cleanup_etcd_dir_1 
Cleanup etcd code
 2019-06-29 07:37:22 -07:00
wojtekt
cba13eb9ad Autogenerate code 2019-06-29 15:26:09 +02:00
Kubernetes Prow Robot
e4f1588352
Merge pull request #78484 from egernst/runtimeclass-admission 
Runtimeclass admission
 2019-06-28 23:35:24 -07:00
wojtekt
fd819f8fdc Move APIObjectVersioner 2019-06-28 21:16:49 +02:00
Eric Ernst
824a9e592a runtimeclass-admissioN: add owners file 
add initial owners file for RuntimeClass admission controller

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-27 15:59:59 -07:00
Ted Yu
cf7c164ae3 Restore early return for podSpecHasContainer 2019-06-26 14:17:13 +08:00
Kubernetes Prow Robot
07ee0c3e8b
Merge pull request #79378 from verb/alwayspull-aggregate-errs 
Return all errors in alwayspullimages admission plugin validation
 2019-06-25 17:01:41 -07:00
Kubernetes Prow Robot
22fb6fd174
Merge pull request #77595 from bertinatto/volume_limits 
Volume Scheduling Limits
 2019-06-25 17:01:16 -07:00
Lee Verberne
d88c928733 Generated build file for alwayspullimages 2019-06-25 18:45:30 +00:00
Lee Verberne
bd5f4117e5 Return all errors in alwayspullimages.Validate() 2019-06-25 18:11:51 +00:00
Kubernetes Prow Robot
1215aa73d2
Merge pull request #79176 from verb/debug-iterate-containers 
Add helpers for iterating containers in a pod
 2019-06-25 09:32:52 -07:00
Fabio Bertinatto
00b0ab86af Update scheduler to use volume limits from CSINode 2019-06-25 16:30:54 +02:00
Kubernetes Prow Robot
ad095324bf
Merge pull request #79309 from draveness/feature/cleanup-CSIPersistentVolume-feature-gates 
feat: cleanup feature gates for CSIPersistentVolume
 2019-06-25 01:15:03 -07:00
draveness
8e9472ba79 feat: cleanup feature gates for CSIPersistentVolume 2019-06-25 09:00:12 +08:00
Kubernetes Prow Robot
6f0f62b2c4
Merge pull request #77211 from dixudx/bootstrap_token_refactor 
Bootstrap token refactor
 2019-06-24 13:36:36 -07:00
Kubernetes Prow Robot
2109c1a7a3
Merge pull request #79310 from draveness/feature/cleanup-KubeletPluginsWatcher-feature-gates 
feat: cleanup feature gates for KubeletPluginsWatcher
 2019-06-23 23:04:09 -07:00
draveness
35bc5dc6b6 feat: cleanup feature gates for KubeletPluginsWatcher 2019-06-23 16:59:36 +08:00
draveness
ca6003bc75 feat: cleanup PodPriority features gate 2019-06-23 11:57:24 +08:00
Lee Verberne
a0b57ad3db Update BUILD files for container helper 2019-06-21 08:32:04 +00:00
Lee Verberne
ee821e2a04 Create helpers for iterating containers in a pod 2019-06-21 08:32:04 +00:00
Di Xu
5056161d4d auto-generated 2019-06-20 17:06:26 +08:00
Di Xu
af9ae4c11a refactor bootstrap token utils 2019-06-20 15:43:44 +08:00
Eric Ernst
e8608300c2 autogenerated code update based in new plugin 
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-19 17:20:11 -07:00
Eric Ernst
247dab3578 introduce RuntimeClass admission controller 
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-19 17:20:11 -07:00
Han Kang
54dcf5c9c4 add readyz endpoint for kube-apiserver readiness checks 
add startup sequence duration and readyz endpoint

add rbac bootstrapping policy for readyz

add integration test around grace period and readyz

rename startup sequence duration flag

copy health checks to fields

rename health-check installed boolean, refactor clock injection logic

cleanup clock injection code

remove todo about poststarthook url registration from healthz
 2019-06-17 11:16:13 -07:00
wangqingcan
52f3380ef3 change preempting to PreemptionPolicy 2019-05-31 12:42:05 +08:00
wangqingcan
5c9438c691 non-preempting-priorityclass 
Co-authored-by: Vallery Lancey <vallery@zeitgeistlabs.io>
Co-authored-by: Tan shanshan <tan.shanshan@zte.com.cn>
 2019-05-31 12:37:07 +08:00
Kubernetes Prow Robot
b8eecd671d
Merge pull request #69941 from miguelbernadi/fix-golint-issues-68026 
Fix golint issues in plugin/pkg/admission
 2019-05-30 08:38:26 -07:00
Vladimir Vivien
8e0cf65310 Enforce pod security policy for CSI inline 2019-05-29 15:38:21 -04:00
Joe Betz
cc2e3616f0 Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent 2019-05-28 15:10:22 -07:00
Joe Betz
9b504c474c Fix podpreset merging of envFrom to be idempontent 2019-05-28 11:16:56 -07:00
Morten Torkildsen
f1883c9e8c Support scale subresource for PDBs (#76294) 
* Support scale subresource for PDBs

* Check group in finder functions

* Small fixes and more tests
 2019-05-23 22:24:17 -07:00
Miguel Bernabeu
f47da8a75d Fix golint violations in several plugins 2019-05-23 20:00:06 +02:00
Kubernetes Prow Robot
d5876954e1
Merge pull request #76178 from humblec/endpoint 
Create endpoint/service early to avoid unwanted create/delete volume transaction.
 2019-05-22 09:58:09 -07:00
Zihong Zheng
bff5f08e19 Allow service controller role to patch service status 
Co-authored-by: Josh Horwitz <horwitzja@gmail.com>
 2019-05-16 17:30:43 -07:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Kubernetes Prow Robot
09c4e10333
Merge pull request #74021 from andrewsykim/move-features-component-base 
Move feature gate package from k8s.io/apiserver to k8s.io/component-base
 2019-05-08 13:06:34 -07:00
Daniel (Shijun) Qian
5268f69405 fix duplicated imports of k8s code (#77484) 
* fix duplicated imports of api/core/v1

* fix duplicated imports of client-go/kubernetes

* fix duplicated imports of rest code

* change import name to more reasonable
 2019-05-08 10:12:47 -07:00