Commit Graph

3441 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
cb41d5002c Merge pull request #111061 from pacoxu/key-encipherment-optional
modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates
2022-08-02 18:55:51 -07:00
Kubernetes Prow Robot
6fbeacdf73 Merge pull request #111435 from soltysh/cronjob_timezone_beta
Promote CronJobTimeZone to beta
2022-08-02 16:23:51 -07:00
Paco Xu
e6176c28b7 modify the signing/approving controller to tolerate either set of usages for kubelet client and serving certificates
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
2022-08-03 05:12:04 +08:00
Roman Bednar
caf2f41084 add tests for pvc update validation 2022-08-02 20:52:04 +02:00
Roman Bednar
f051cc7e0e allow pvc spec StorageClass name mutation if the feature is enabled 2022-08-02 20:52:04 +02:00
Roman Bednar
0f0d61f91c pass down feature gate to PVC validation opts 2022-08-02 20:52:04 +02:00
Maciej Szulik
130845c937 Change validation tests such that they accept valid values from a
provided TZ database and fail on any other values
2022-08-02 16:53:10 +02:00
Maciej Szulik
8fd81c6573 Promote CronJobTimeZone to beta 2022-08-02 16:53:04 +02:00
Michal Wozniak
04fcbd721c Introduction of a pod condition type indicating disruption. Its reason field indicates the reason:
- PreemptionByKubeScheduler (Pod preempted by kube-scheduler)
- DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint)
- EvictionByEvictionAPI (Pod evicted by Eviction API)
- DeletionByPodGC (an orphaned Pod deleted by PodGC)PreemptedByScheduler (Pod preempted by kube-scheduler)
2022-08-02 11:12:16 +02:00
Tim Hockin
0e1c15e099 Remove some unused functions 2022-08-01 23:52:46 -07:00
Sascha Grunert
584783ee9f Partly remove support for seccomp annotations
We now partly drop the support for seccomp annotations which is planned
for v1.25 as part of the KEP:

https://github.com/kubernetes/enhancements/issues/135

Pod security policies are not touched by this change and therefore we
have to keep the annotation key constants.

This means we only allow the usage of the annotations for backwards
compatibility reasons while the synchronization of the field to
annotation is no longer supported. Using the annotations for static pods
is also not supported any more.

Making the annotations fully non-functional will be deferred to a
future release.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-08-01 09:19:29 +02:00
Kubernetes Prow Robot
d046a58de4 Merge pull request #111506 from sanwishe/event_validation
Correct event validation messages using the core/v1 field name `reportingComponent`
2022-07-31 22:00:28 -07:00
Kubernetes Prow Robot
3902a53419 Merge pull request #111441 from denkensk/respect-topology
Respect PodTopologySpread after rolling upgrades
2022-07-30 01:40:42 -07:00
Alex Wang
86a2a85e7d code generated by script for MatchLabelKeys in TopologySpreadConstraint
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
2022-07-30 13:24:55 +08:00
Alex Wang
e6c2bf8516 api defination for MatchLabelKeys in TopologySpreadConstraint
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
2022-07-30 13:21:16 +08:00
Kubernetes Prow Robot
cf2800b812 Merge pull request #111402 from verb/111030-ec-ga
Promote EphemeralContainers feature to GA
2022-07-29 19:29:20 -07:00
sanwishe
e88a0478f2 correct event validation messages 2022-07-29 09:42:47 +00:00
Kubernetes Prow Robot
c06031959f Merge pull request #111401 from verb/111028-container-validation
Improve tests and fix bugs in container validation
2022-07-28 12:43:11 -07:00
Lee Verberne
537e73601d Further cleanup of container validation 2022-07-28 19:38:59 +02:00
Xuzheng Chang
ffe4ae23f3 fix ambiguous comments of priorityClass update validation 2022-07-27 15:30:47 +08:00
Davanum Srinivas
a9593d634c Generate and format files
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Lee Verberne
1dc040082c Refactor container validation
Refactor common validation into methods that validate a single container
and call these methods when iterating the three types of container
lists. Move initContainer-specific validation from validateContainers to
validateInitContainers.

This resolves issues where init and ephemeral containers would return
duplicate or incorrectly formatted errors for problems detected by
validateContainers.
2022-07-26 07:19:56 +02:00
Lee Verberne
dbbbf8502e Improve container validation test coverage
Adds missing tests based on KUBE_COVER and checks that errors returned
by validation are of the type and for the field expected. Fixes tests
that had multiple errors so later failures aren't masked if there's
a regression in only one of the errors.
2022-07-26 07:05:02 +02:00
Lee Verberne
4a7fd2a614 Use structs for container validation test
This introduces no changes to unit tests other than to switch from
map-based to struct-based tables in TestValidateContainers and
TestValidateInitContainers in order to make diffs for later commits
easier to read.
2022-07-26 06:47:43 +02:00
Lee Verberne
d238e67ba6 Remove EphemeralContainers feature-gate checks 2022-07-26 02:55:30 +02:00
Lee Verberne
bc3c5ae269 Remove EphemeralContainers beta disclaimer 2022-07-26 02:53:45 +02:00
Kubernetes Prow Robot
7156c96e5d Merge pull request #111194 from ravisantoshgudimetla/promote-maxSurge-ga
Promote DS max surge to GA
2022-07-25 06:20:46 -07:00
Kubernetes Prow Robot
4885f4d750 Merge pull request #111229 from ravisantoshgudimetla/promote-podOS-GA
Promote pod OS  to GA
2022-07-19 10:12:19 -07:00
Kubernetes Prow Robot
b436d3e703 Merge pull request #108331 from humblec/dns
csi: validate the secretnames in CSI spec against NameIsDNSSubdomain
2022-07-19 10:12:07 -07:00
Humble Chirammal
e2ab0f93e6 Add unit tests for allowSubDomainSecret format validation
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-07-19 19:18:15 +05:30
Humble Chirammal
5c92e4b816 csi: validate the secretnames in the CSI spec against NameIsDNSSubdomain
At present the CSI spec secret name validation for ControllerPublish,
ControllerExpand, NodePublish secrets are performed against
ValidateDNS1123Label() and it causes the secret name validation
inside the CSI spec to go wrong if the secret name is more than 63 chars.

Kubernetes allow the secret object name to be on `DNS SubDomainName`
and having a secret name length between 0-253 is correct/valid. So the CSI
spec validation also has to be performed accordingly.

This commit address this issue in validation for above mentioned funcs.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-07-19 19:18:09 +05:30
Ravi Gudimetla
e9ce94edf5 api: Promote PodOS field to GA 2022-07-18 23:27:59 -04:00
Ravi Gudimetla
b79ebb8165 Promote PodOS field to GA 2022-07-18 23:27:58 -04:00
Kubernetes Prow Robot
1c1efde70d Merge pull request #109639 from Abirdcfly/fixduplicateimport
cleanup: remove all duplicate import
2022-07-18 16:55:23 -07:00
Kubernetes Prow Robot
bd1c9c1c5b Merge pull request #110388 from sanposhiho/graduate-mindomain-beta
Graduate MinDomains in Pod Topology Spread to beta
2022-07-18 15:36:06 -07:00
Ravi Gudimetla
6ac7d4127a api: Promote DS maxSurge to GA 2022-07-18 07:55:00 -04:00
Ravi Gudimetla
7397c029e8 Promote DS MaxSurge to GA 2022-07-18 07:54:59 -04:00
Kubernetes Prow Robot
a156de9661 Merge pull request #111169 from HecarimV/fix-22071511
Remove redundant variable definitions in apis/autoscaling
2022-07-15 16:49:21 -07:00
Kubernetes Prow Robot
b3057e7ccc Merge pull request #106834 from mengjiao-liu/sysctl-allow-slashes
Add support for slash as sysctl separator to Pod securityContext field and to PodSecurityPolicy
2022-07-15 01:04:24 -07:00
HaoJie Liu
66205bb313 Remove redundant variable definitions in apis/autoscaling
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>
2022-07-15 14:03:59 +08:00
Kubernetes Prow Robot
e5f4f8d71b Merge pull request #110896 from ravisantoshgudimetla/promote-minReadySec-sts-update-ga
Promote minReadySeconds to GA
2022-07-14 09:45:09 -07:00
Abirdcfly
00b9ead02c cleanup: remove duplicate import
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-07-14 11:25:19 +08:00
Ravi Gudimetla
05f20dced0 api: Promote statefulset MinReadySeconds to GA 2022-07-13 11:37:10 -04:00
Ravi Gudimetla
9144250a92 Promote minReadySeconds to GA 2022-07-13 11:37:10 -04:00
Kensei Nakada
c328841159 Update doc comment 2022-07-11 15:11:04 +00:00
Kubernetes Prow Robot
3251d4cff6 Merge pull request #111010 from thockin/remove-refs-to-EndpointSliceNodeName
Remove obsolete refs to gate EndpointSliceNodeName
2022-07-08 05:41:47 -07:00
Tim Hockin
c2ee067221 Remove obsolete refs to gate EndpointSliceNodeName 2022-07-07 13:19:59 -07:00
Tim Hockin
55232e2ef7 Rename IPFamilyPolicyType => IPFamilyPolicy 2022-07-06 15:42:26 -07:00
Kubernetes Prow Robot
65361245ed Merge pull request #110824 from Abirdcfly/simple
cleanup:use copy other than for loop
2022-07-06 12:03:33 -07:00
Kubernetes Prow Robot
bd2776e0c9 Merge pull request #110868 from rikatz/endport-to-ga
Promote endPort in Network Policy to GA
2022-07-05 19:48:49 -07:00