Commit Graph

191 Commits

Author SHA1 Message Date
Claudiu Belu
cafbfbea9a api: Loosens RunAsUserName validation
Currently, the character limit for the usernames set in the RunAsUserName is 20,
which is too low, considering that "ContainerAdministrator" is a valid username and
it is longer than 20 characters. A user should be able to run containers as
Administrator, if needed.

According to [1], Logon names can be up to 104 characters. The previous limit
only applies to local user accounts for the local system.

[1] https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb726984(v=technet.10)
2019-08-28 13:03:44 -07:00
Khaled Henidak(Kal)
5e8ccda71c phase 2: api types + defaulting + validation + disabled fields handling 2019-08-28 15:59:43 +00:00
Kubernetes Prow Robot
7a6e9fd8a9
Merge pull request #80512 from casusbelli/bugfix_80332
Removes conflicting Quobyte tenant test from API validation
2019-08-16 17:02:08 -07:00
Silvan Kaiser
a11e6a80a1 Removes conflicting Quobyte tenant test error from API validation 2019-08-16 14:06:25 +02:00
Kubernetes Prow Robot
6c0c167829
Merge pull request #80395 from Huang-Wei/cleanup-eps-validation
Optimize logic in EvenPodsSpread API validation
2019-08-07 20:09:41 -07:00
Jordan Liggitt
2e604bedc8 Make Overhead validation unconditional 2019-08-02 20:09:52 -04:00
Jordan Liggitt
802e765444 Preserve existing ephemeral containers on update, validate unconditionally 2019-08-02 20:00:01 -04:00
Wei Huang
cfd97ba070
Optimize logic in EvenPodsSpread API validation 2019-07-23 16:27:39 -07:00
Lee Verberne
013f049ce0 Add Ephemeral Containers to the Kubernetes core API 2019-07-22 11:19:22 +00:00
Wei Huang
49da505a9a
EvenPodsSpread: api changes 2019-07-18 17:34:26 -07:00
James Sturtevant
e8b369ff3c Windows: Adds RunAsUserName field in WindowsOptions
Adds the field RunAsUserName in the WindowsSecurityContextOptions type,
which is used in PodSecurityContext and SecurityContext.

This field needs to allow for a valid set of usernames allowed for
Windows containers. It must have the format "U

This commit also validates the runAsUserName field, making sure that it is valid,
having the format DOMAIN\USER (case insensitive), where DOMAIN\ is optional and
has to be a valid NetBios or DNS domain name.

For more information about the restrictions on the DOMAIN and USER parts, look here: [1] [2]

Adds the WindowsRunAsUserName alpha feature gate. By default, it is disabled.
If the feature gate is not enabled, the WindowsOptions.RunAsUserName field
will be dropped from both the PodSecurityContext and container
SecurityContext.

Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>

[1] https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
[2] https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1
2019-07-17 15:03:04 +00:00
Khaled Henidak(Kal)
54d42e6a65 types modifications + conversion + conversion testing 2019-07-02 15:39:05 +00:00
Ted Yu
cf7c164ae3 Restore early return for podSpecHasContainer 2019-06-26 14:17:13 +08:00
Lee Verberne
ee821e2a04 Create helpers for iterating containers in a pod 2019-06-21 08:32:04 +00:00
Eric Ernst
d0b0c0ae45 pod-overhead: add Overhead to PodSpec internal type
Update internal PodSpec to make use of Overhead field. Add validation
and validation tests.

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
2019-06-18 08:05:35 -07:00
Kubernetes Prow Robot
b7fa33ec15
Merge pull request #77703 from ddebroy/inline-mig-1
API changes to support migration of inline in-tree volumes to CSI
2019-05-31 12:23:19 -07:00
j-griffith
123f1bac35 Enable PVC as DataSource for PVC creation
This enables the ability to specify an existing PVC as a DataSource in
a new PVC Spec (e.g. "clone" an existing volume).
2019-05-31 06:06:44 -06:00
wangqingcan
52f3380ef3 change preempting to PreemptionPolicy 2019-05-31 12:42:05 +08:00
Deep Debroy
c34309acdf API changes to support CSI migration of inline volumes
Signed-off-by: Deep Debroy <ddebroy@docker.com>
2019-05-30 09:34:47 +00:00
Tobias Hintze
8829efaeb0
Allow trailing dot for service.spec.externalName 2019-05-27 11:28:07 +02:00
Jean Rouge
a3e914528a API changes for Windows GMSA support
This patch comprises the API changes outlined in the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

It includes validation, as well as dropping fields if the `WindowsGMSA` feature
flag is not set, both with unit tests.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-16 15:32:59 -07:00
Kubernetes Prow Robot
3e7fa617b3
Merge pull request #77516 from gnufied/implement-resize-secrets
Add a new field for storing volume expansion secrets
2019-05-09 17:51:58 -07:00
Hemant Kumar
69393291b6 Add a new field for storing volume expansion secrets
Fix pv secret visitor tests
Allow SecretRef for resizing to be set if not already set
2019-05-09 13:53:47 -04:00
Àbéjídé Àyodélé
25df4e69a5 Clean up pkg/apis.
These are based on recommendation from
[staticcheck](http://staticcheck.io/).
2019-05-09 15:25:41 +00:00
Humble Chirammal
ee9079f8ec Use better variable names in validation.go
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-04-01 09:43:36 +05:30
Kubernetes Prow Robot
9c5be7aa5f
Merge pull request #74686 from zhouhaibing089/add-trailing-period
validation: allow trailing period in dns search
2019-03-19 20:15:06 -07:00
Vladimir Vivien
4ec7d2305d CSI Inline Volume - API changes 2019-03-08 12:35:07 -05:00
Xing Yang
bb45b8ee34 Make CSINodeInfo and CSIDriver Core APIs
This PR is the first step to transition CSINodeInfo and CSIDriver
CRD's to in-tree APIs. It adds them to the existing API group
“storage.k8s.io” as core storage APIs.
2019-03-02 12:31:05 -08:00
zhouhaibing089
68beadefe4 validation: allow trailing period in dns search
The trailing period tells the resolver to stop immediately instead
of trying recursively. With that said, trailing period should be
acceptable in searches.
2019-02-27 14:21:52 -08:00
Kevin Taylor
a64b854137 Implementation of KEP Feature Gate VolumeSubpathEnvExpansion 2019-02-20 01:37:16 +00:00
Nikolaos Moraitis
c7e103fd44 apis:core:validation: remove unused, changes to idiomatic go 2019-02-09 18:07:18 +01:00
Kubernetes Prow Robot
152b09ac55
Merge pull request #73774 from liggitt/SCTPSupport
Ensure conditional validation has knowledge of old and new object
2019-02-06 17:35:17 -08:00
Jordan Liggitt
34ac165a44 Move conditional validation for SCTPSupport to validation functions with knowledge of old objects 2019-02-05 23:09:31 -05:00
Jordan Liggitt
d2dbd3997b Remove HugePages feature gate check in validation 2019-02-05 17:36:24 -05:00
Kubernetes Prow Robot
dc1244c6cd
Merge pull request #72785 from derekwaynecarr/hugepages-ga
Graduate HugePages feature to GA
2019-02-05 13:56:51 -08:00
Kubernetes Prow Robot
f3a6dbceb2
Merge pull request #68925 from casusbelli/fix_65312
Adding Quobyte Tenant to QuobyteVolumeSource to enable deletion of persistent volumes
2019-02-05 12:08:37 -08:00
Derek Carr
deae071d78 Graduate HugePages feature to GA 2019-02-02 00:21:10 -05:00
Kubernetes Prow Robot
235b32e8ad
Merge pull request #72832 from MrHohn/pod-dns-config-ga
Graduate CustomPodDNS feature to GA
2019-02-01 18:29:17 -08:00
Silvan Kaiser
cc71b0aebd Adding Tenant to QuobyteVolumeSource
Adds the tenant id to the QuobyteVolumeSource type and
updates the quobyte api client to support looking up
volume ids.
2019-01-22 14:42:12 +01:00
Kubernetes Prow Robot
52d4500f23
Merge pull request #72714 from mourya007/features_gate
Move TokenRequestProjection feature gate out of validation
2019-01-11 15:53:51 -08:00
Zihong Zheng
f2750dd043 Graduate CustomPodDNS feature to GA 2019-01-11 11:28:26 -08:00
Rajath Agasthya
da6c97f710 Remove ExpandPersistentVolumes feature gate from validation
Drops new PV Status.Conditions if old PV Status.Conditions was not set.
2019-01-10 12:43:20 -08:00
mourya007
d0b35d1b05 Move TokenRequestProjection feature gate out of validation 2019-01-11 00:49:30 +05:30
Rajath Agasthya
5de2d7694d Remove Sysctls feature gate from validation 2019-01-09 18:56:11 -08:00
Kubernetes Prow Robot
49891cc270
Merge pull request #72698 from rajathagasthya/podsharepsnamespace-72651
Move PodShareProcessNamespace feature gate out of validation
2019-01-09 07:40:00 -08:00
Rajath Agasthya
86165ac878 Move pod ReadinessGates feature gate out of validation 2019-01-08 21:37:43 -08:00
Kubernetes Prow Robot
45b54f5c44
Merge pull request #72686 from sbezverk/PersistentLocalVolumes
Moving PersistentLocalVolumes feature gate check from validation
2019-01-08 19:22:40 -08:00
Kubernetes Prow Robot
3035edcc36
Merge pull request #72666 from rajathagasthya/pvc-72651
Move VolumeSnapshotDataSource feature gate check from validation
2019-01-08 19:22:30 -08:00
Rajath Agasthya
4e1d4caa8f Move PodShareProcessNamespace feature gate out of validation 2019-01-08 14:31:51 -08:00
Serguei Bezverkhi
8915e90398 PersistentLocalVolumes validation and tests
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-01-08 11:00:29 -05:00