github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,090 Commits 1 Branch 31 Tags 1,019 MiB
d311ce0435
Commit Graph

55 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
0c93f40374
Merge pull request #120995 from aroradaman/move-get-kernel-version 
move GetKernelVersion out of pkg/proxy/ipvs
 2023-10-31 20:23:41 +01:00
Paco Xu
36d6917ae1 valid error for creation and update from valid to invalid only 
- using an option AllowNamespacedSysctlsForHostNetAndHostIPC

Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-10-28 06:58:54 +08:00
Paco Xu
11de9543ee move sysctl namespace and some funcs to component helpers util 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-10-28 06:58:28 +08:00
Daman Arora
a375aa28ee pkg/proxy: move get kernel version out of ipvs proxier 
Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2023-10-28 00:54:34 +05:30
Kubernetes Prow Robot
3aec335a8f
Merge pull request #121207 from cyclinder/sysctl_log_level 
kubelet/sysctl: update log level
 2023-10-21 01:48:53 +02:00
HirazawaUi
1132fd0afd add tcp_fin_timeout, tcp_keepalive_intvl and tcp_keepalive_probes to safe sysctls 2023-10-15 23:05:40 +08:00
cyclinder
10151a5e38 kubelet/sysctl: update log level 2023-10-13 11:23:59 +08:00
cyclinder
0167a9f833 mark net.ipv4.tcp_keepalive_time as a safe sysctl 2023-10-11 10:24:19 +08:00
mantuliu
ee99ca25ee Remove unnecessary if judgments 2023-04-16 23:55:31 +08:00
Paco Xu
e154b73535 safe-sysctl: skip checking for windows 2023-03-22 07:40:29 +08:00
Paco Xu
bea956568f add ip_local_reserved_ports to safe sysctl allow list only if kernel version >= 3.16 2023-03-02 12:40:42 +08:00
Paco Xu
ca4022c4da add net.ipv4.ip_local_reserved_ports to safe sysctls 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-02-27 19:02:20 +08:00
mantuliu
3f8ada67c5 impove the coverage 
Signed-off-by: mantuliu <240951888@qq.com>
 2023-02-01 10:47:38 +08:00
mantuliu
52e7bf58cf cut avoid unnecessary code duplications 
Signed-off-by: mantuliu <240951888@qq.com>
 2023-01-31 23:55:09 +08:00
mantuliu
8ca97dcde1 Add test for pkg/kubelet/sysctl/allowlist_test.go 2023-01-29 22:48:27 +08:00
SataQiu
7308b83a99 remove the unused constant AnnotationInvalidReason since sysctl annotations are deprecated and migrated to fields 2022-09-30 14:53:46 +08:00
dengyufeng2206
e20071792f fix test order in pkg/kubelet/sysctl/util_test.go 
Signed-off-by: dengyufeng2206 <deng.yufeng@zte.com.cn>
 2022-09-08 17:20:22 +08:00
Davanum Srinivas
a9593d634c
Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-07-26 13:14:05 -04:00
Mengjiao Liu
20bb84b3f1 Pod SecurityContext and PodSecurityPolicy supports slash as sysctl separator 2022-06-22 10:24:35 +08:00
Jordan Liggitt
410ac59c0d Remove PodSecurityPolicy admission plugin 2022-05-04 16:00:56 -04:00
Mengjiao Liu
275d832ce2 Upgrade preparation to verify sysctl values containing forward slashes by regex 2021-11-04 11:49:56 +08:00
Wesley Williams
ff165c8823
Replace usage of Whitelist with Allowlist within Kubelet's sysctl package (#102298) 
* Change uses of whitelist to allowlist in kubelet sysctl

* Rename whitelist files to allowlist in Kubelet sysctl

* Further renames of whitelist to allowlist in Kubelet

* Rename podsecuritypolicy uses of whitelist to allowlist

* Update pkg/kubelet/kubelet.go

Co-authored-by: Danielle <dani@builds.terrible.systems>

Co-authored-by: Danielle <dani@builds.terrible.systems>
 2021-08-04 18:59:35 -07:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Kubernetes Prow Robot
2f2923fc33
Merge pull request #86802 from Aresforchina/fix-staticcheck-test04 
make kubelet sysctl constants private
 2020-06-19 04:37:59 -07:00
mattjmcnaughton
9e1c99c4e2
Delete the sysctl runtime admit handler 
As of https://github.com/kubernetes/kubernetes/pull/72831, the minimum
docker version is 1.13.1. (and the minimum API version is 1.26). The
only time the `RuntimeAdmitHandler` returns anything other than accept
is when the Docker API version < 1.24. In other words, we can be
confident that Docker will always support sysctl.

As a result, we can delete this unnecessary and docker-specific code.
 2020-01-22 08:51:39 -05:00
Aresforchina
2293b47346 add some comments for const variable 2020-01-03 23:28:21 +08:00
Jan Chaloupka
3cc15363bc Run make update 2018-06-06 00:12:40 +02:00
Jan Chaloupka
ab616a88b9 Promote sysctl annotations to API fields 2018-06-05 23:17:00 +02:00
Slava Semushin
6767e233ed Update generated files. 
In order to make it compilable I had to remove these files manually:

pkg/client/listers/extensions/internalversion/podsecuritypolicy.go
pkg/client/informers/informers_generated/internalversion/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_podsecuritypolicy.go
 2018-04-11 18:35:24 +02:00
Slava Semushin
8a7d5707d5 PSP: move internal types from extensions to policy. 2018-04-11 18:35:09 +02:00
Filipe Brandenburger
8df9274e02 Remove rktnetes code 
rktnetes is scheduled to be deprecated in 1.10 (#53601). According to
the deprecation policy for beta CLI and flags, we can remove the feature
in 1.11.

Fixes #58721
 2018-03-27 09:29:35 -07:00
Cao Shufeng
530c459ff2 clean up sysctl code 2018-02-23 16:41:53 +08:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Lantao Liu
06d8f5fe4a Admit sysctls for other runtime. 2017-08-09 18:08:29 +00:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Yu-Ju Hong
fccf34ccb6 Remove various references of dockertools 
Also update the bazel files.
 2017-05-11 10:01:41 -07:00
Yu-Ju Hong
cf3635c876 Update bazel BUID files 2017-05-05 11:48:08 -07:00
Yu-Ju Hong
8cc4b3a81e Move legacy log symlink to kuberuntime 
Also remove the dockertools.DockerType constant.
 2017-05-05 11:48:08 -07:00
Chao Xu
d4850b6c2b move pkg/api/v1/helpers.go to subpackage 2017-04-14 14:25:11 -07:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Chao Xu
bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00