github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
80,602 Commits 1 Branch 31 Tags 1,019 MiB
e8b369ff3c
Commit Graph

181 Commits

Author SHA1 Message Date
James Sturtevant
e8b369ff3c Windows: Adds RunAsUserName field in WindowsOptions 
Adds the field RunAsUserName in the WindowsSecurityContextOptions type,
which is used in PodSecurityContext and SecurityContext.

This field needs to allow for a valid set of usernames allowed for
Windows containers. It must have the format "U

This commit also validates the runAsUserName field, making sure that it valid,
having the format DOMAIN\USER (case insensitive), where DOMAIN\ is optional and
has to be a valid NetBios or DNS domain name.

For more information about the restrictions on the DOMAIN and USER parts, look here: [1] [2]

Adds the WindowsRunAsUserName alpha feature gate. By default, it is disabled.
If the feature gate is not enabled, the WindowsOptions.RunAsUserName field
will be dropped from both the PodSecurityContext and container
SecurityContext.

Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>

[1] https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
[2] https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1
 2019-07-17 15:03:04 +00:00
Khaled Henidak(Kal)
54d42e6a65 types modifications + conversion + conversion testing 2019-07-02 15:39:05 +00:00
Ted Yu
cf7c164ae3 Restore early return for podSpecHasContainer 2019-06-26 14:17:13 +08:00
Lee Verberne
ee821e2a04 Create helpers for iterating containers in a pod 2019-06-21 08:32:04 +00:00
Eric Ernst
d0b0c0ae45 pod-overhead: add Overhead to PodSpec internal type 
Update internal PodSpec to make use of Overhead field. Add validation
and validation tests.

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2019-06-18 08:05:35 -07:00
Kubernetes Prow Robot
b7fa33ec15
Merge pull request #77703 from ddebroy/inline-mig-1 
API changes to support migration of inline in-tree volumes to CSI
 2019-05-31 12:23:19 -07:00
j-griffith
123f1bac35 Enable PVC as DataSource for PVC creation 
This enables the ability to specify and existing PVC as a DataSource in
a new PVC Spec (eg "clone" and existing volume).
 2019-05-31 06:06:44 -06:00
wangqingcan
52f3380ef3 change preempting to PreemptionPolicy 2019-05-31 12:42:05 +08:00
Deep Debroy
c34309acdf API changes to support CSI migration of inline volumes 
Signed-off-by: Deep Debroy <ddebroy@docker.com>
 2019-05-30 09:34:47 +00:00
Tobias Hintze
8829efaeb0
Allow trailing dot for service.spec.externalName 2019-05-27 11:28:07 +02:00
Jean Rouge
a3e914528a API changes for Windows GMSA support 
This patch comprises the API changes outlined in the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

It includes validation, as well as dropping fields if the `WindowsGMSA` feature
flag is not set, both with unit tests.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-05-16 15:32:59 -07:00
Kubernetes Prow Robot
3e7fa617b3
Merge pull request #77516 from gnufied/implement-resize-secrets 
Add a new field for storing volume expansion secrets
 2019-05-09 17:51:58 -07:00
Hemant Kumar
69393291b6 Add a new field for storing volume expansion secrets 
Fix pv secret visitor tests
Allow SecretRef for resizing to be set if not already set
 2019-05-09 13:53:47 -04:00
Àbéjídé Àyodélé
25df4e69a5 Clean up pkg/apis. 
These are based on recommendation from
[staticcheck](http://staticcheck.io/).
 2019-05-09 15:25:41 +00:00
Humble Chirammal
ee9079f8ec Use better variable names in validation.go 
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
 2019-04-01 09:43:36 +05:30
Kubernetes Prow Robot
9c5be7aa5f
Merge pull request #74686 from zhouhaibing089/add-trailing-period 
validation: allow trailing period in dns search
 2019-03-19 20:15:06 -07:00
Vladimir Vivien
4ec7d2305d CSI Inline Volume - API changes 2019-03-08 12:35:07 -05:00
Xing Yang
bb45b8ee34 Make CSINodeInfo and CSIDriver Core APIs 
This PR is the first step to transition CSINodeInfo and CSIDriver
CRD's to in-tree APIs. It adds them to the existing API group
“storage.k8s.io” as core storage APIs.
 2019-03-02 12:31:05 -08:00
zhouhaibing089
68beadefe4 validation: allow trailing period in dns search 
The trailing period tells the resolver to stop immediately instead
of trying recursively. With that said, trailing period should be
acceptable in searches.
 2019-02-27 14:21:52 -08:00
Kevin Taylor
a64b854137 Implementation of KEP Feature Gate VolumeSubpathEnvExpansion 2019-02-20 01:37:16 +00:00
Nikolaos Moraitis
c7e103fd44 apis:core:validation: remove unused, changes to idiomatic go 2019-02-09 18:07:18 +01:00
Kubernetes Prow Robot
152b09ac55
Merge pull request #73774 from liggitt/SCTPSupport 
Ensure conditional validation has knowledge of old and new object
 2019-02-06 17:35:17 -08:00
Jordan Liggitt
34ac165a44 Move conditional validation for SCTPSupport to validation functions with knowledge of old objects 2019-02-05 23:09:31 -05:00
Jordan Liggitt
d2dbd3997b Remove HugePages feature gate check in validation 2019-02-05 17:36:24 -05:00
Kubernetes Prow Robot
dc1244c6cd
Merge pull request #72785 from derekwaynecarr/hugepages-ga 
Graduate HugePages feature to GA
 2019-02-05 13:56:51 -08:00
Kubernetes Prow Robot
f3a6dbceb2
Merge pull request #68925 from casusbelli/fix_65312 
Adding Quobyte Tenant to QuobyteVolumeSource to enable deletion of persistent volumes
 2019-02-05 12:08:37 -08:00
Derek Carr
deae071d78 Graduate HugePages feature to GA 2019-02-02 00:21:10 -05:00
Kubernetes Prow Robot
235b32e8ad
Merge pull request #72832 from MrHohn/pod-dns-config-ga 
Graduate CustomPodDNS feature to GA
 2019-02-01 18:29:17 -08:00
Silvan Kaiser
cc71b0aebd Adding Tenant to QuobyteVolumeSource 
Adds the tenant id to the QuobyteVolumeSource type and
updates the quobyte api client to support looking up
volume ids.
 2019-01-22 14:42:12 +01:00
Kubernetes Prow Robot
52d4500f23
Merge pull request #72714 from mourya007/features_gate 
Move TokenRequestProjection feature gate out of validation
 2019-01-11 15:53:51 -08:00
Zihong Zheng
f2750dd043 Graduate CustomPodDNS feature to GA 2019-01-11 11:28:26 -08:00
Rajath Agasthya
da6c97f710 Remove ExpandPersistentVolumes feature gate from validation 
Drops new PV Status.Conditions if old PV Status.Conditions was not set.
 2019-01-10 12:43:20 -08:00
mourya007
d0b35d1b05 Move TokenRequestProjection feature gate out of validation 2019-01-11 00:49:30 +05:30
Rajath Agasthya
5de2d7694d Remove Sysctls feature gate from validation 2019-01-09 18:56:11 -08:00
Kubernetes Prow Robot
49891cc270
Merge pull request #72698 from rajathagasthya/podsharepsnamespace-72651 
Move PodShareProcessNamespace feature gate out of validation
 2019-01-09 07:40:00 -08:00
Rajath Agasthya
86165ac878 Move pod ReadinessGates feature gate out of validation 2019-01-08 21:37:43 -08:00
Kubernetes Prow Robot
45b54f5c44
Merge pull request #72686 from sbezverk/PersistentLocalVolumes 
Moving PersistentLocalVolumes feature gate check from validation
 2019-01-08 19:22:40 -08:00
Kubernetes Prow Robot
3035edcc36
Merge pull request #72666 from rajathagasthya/pvc-72651 
Move VolumeSnapshotDataSource feature gate check from validation
 2019-01-08 19:22:30 -08:00
Rajath Agasthya
4e1d4caa8f Move PodShareProcessNamespace feature gate out of validation 2019-01-08 14:31:51 -08:00
Serguei Bezverkhi
8915e90398 PersistentLocalVolumes validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-01-08 11:00:29 -05:00
Kubernetes Prow Robot
8728ecc27d
Merge pull request #72664 from sbezverk/ResourceQuotaScopeSelectors 
Move ResourceQuotaSelector out of validation
 2019-01-08 02:02:59 -08:00
Serguei Bezverkhi
d79475c801 add ResourceQuotaSelector validation and tests 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-01-07 23:15:39 -05:00
Rajath Agasthya
88abcb7419 Move VolumeSnapshotDataSource feature gate check from validation 2019-01-07 20:02:01 -08:00
Jordan Liggitt
cd4f626f66 Move AppArmor feature-gate checking out of validation 2019-01-07 15:10:11 -05:00
Kubernetes Prow Robot
43f0423de6
Merge pull request #72419 from liggitt/allowed-proc-mount-validation 
Validate PSP allowedProcMountTypes
 2018-12-29 13:41:11 -08:00
Serguei Bezverkhi
e61b76fb8c node config_source 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2018-12-29 13:19:37 -05:00
Jordan Liggitt
cb76da9fd7 Validate PSP allowedProcMountTypes 2018-12-29 00:18:01 -05:00
Kubernetes Prow Robot
456ffa0453
Merge pull request #72375 from sbezverk/containers_volumedevices 
VolumeDevices validation and tests
 2018-12-27 17:39:05 -08:00
Kubernetes Prow Robot
66bf481114
Merge pull request #72382 from liggitt/volumescheduling-ga 
Stop checking VolumeScheduling feature gate
 2018-12-27 15:54:18 -08:00
Jordan Liggitt
73dcfe12da Stop checking VolumeScheduling feature gate 2018-12-27 17:45:45 -05:00