github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
102,108 Commits 1 Branch 31 Tags
ea3bcbc2050b89d11f005a2735c8808e45b8aa21
Commit Graph

10286 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
ea3bcbc205 Merge pull request #101946 from chendave/balance_allocation 
Support extended resource in NodeResourcesBalancedAllocation plugin
 2021-07-06 10:42:19 -07:00
Kubernetes Prow Robot
554c65fb77 Merge pull request #103495 from neolit123/1.22-fix-godoc-formatting-for-v1beta3 
kubeadm: fix godoc formatting for v1beta3
 2021-07-06 00:32:18 -07:00
Kubernetes Prow Robot
96dff7d0c7 Merge pull request #102832 from Yuan-Junliang/migrateProxyEventAPI 
Migrate kube-proxy event to use v1 Event API
 2021-07-05 17:44:17 -07:00
Lubomir I. Ivanov
94414bea47 kubeadm: fix godoc formatting for v1beta3 
Fix indentation of entries in the changelog and the migration steps.
 2021-07-05 20:52:18 +03:00
Kubernetes Prow Robot
d95c46a3e5 Merge pull request #98306 from borgerli/kube-proxy-log 
Support dynamically set log level for kube-proxy
 2021-07-05 03:23:05 -07:00
Kubernetes Prow Robot
120f6325a7 Merge pull request #103471 from pacoxu/patch-1 
kubeadm: fix nil pointer in  Cfg() feature gate checking
 2021-07-04 23:06:53 -07:00
Paco Xu
772344aef2 kubeadm: fix nil pointer in Cfg() feature gate checking 2021-07-05 09:59:57 +08:00
XinYang
c2a8cd359f re-order the imports in kubeadm 
Signed-off-by: XinYang <xinydev@gmail.com>

Update cmd/kubeadm/app/cmd/join.go

Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
 2021-07-04 16:41:27 +08:00
Kubernetes Prow Robot
5fe522c237 Merge pull request #101988 from vinayakankugoyal/kubeadm 
Remove users and groups created as part of rootless control-plane in kubeadm.
 2021-07-02 23:42:17 -07:00
Vinayak Goyal
1ae9b8f04d Update kernel components to run as non-root in kubeadm. 2021-07-02 17:37:55 -07:00
Kubernetes Prow Robot
1345a802de Merge pull request #103187 from Haleygo/fix-dry-run-when-using-externalCA 
Kubeadm init --dry-run should work when using an external ca
 2021-07-02 07:58:25 -07:00
Kubernetes Prow Robot
ce3bf862ee Merge pull request #102964 from neolit123/1.22-decouple-bootstraptoken-api 
kubeadm: decouple the bootstraptoken API from the kubeadm API
 2021-07-02 07:58:13 -07:00
Haleygo
6d6d200c3a dry-run can work when using an external ca 2021-07-02 18:53:51 +08:00
Kubernetes Prow Robot
659c7e709f Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Monis Khan
cd91e59f7c csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
2d4753b898 Merge pull request #103360 from m14815/commit-21.6.3 
Error should be checked first, then go to other steps.
 2021-07-01 15:36:03 -07:00
Kubernetes Prow Robot
43ebff8fa4 Merge pull request #103306 from swetharepakula/convert-proxy 
Kubeproxy uses V1 EndpointSlice
 2021-07-01 14:28:11 -07:00
Lubomir I. Ivanov
622f69bf8d kubeadm: update v1beta3's godoc changelog 2021-07-02 00:12:25 +03:00
Lubomir I. Ivanov
11d444b00e kubeadm: remove versioned copies of the bootstrap token API and utils 
Given bootstraptoken/v1 is now a separate GV, there is no need
to duplicate the API and utilities inside v1beta3 and the internal
version.

v1beta2 must continue to use its internal copy due, since output/v1alpha1
embeds the v1beta2.BootstrapToken object. See issue 2427 in k/kubeadm.
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
14fa296bb3 kubeadm: use the bootstraptoken/v1 API across the code base 
- Make v1beta3 use bootstraptoken/v1 instead of local copies
- Make the internal API use bootstraptoken/v1
- Update validation, /cmd, /util and other packages
- Update v1beta2 conversion
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
5b7bda90c0 kubeadm: introduce apis/bootstraptoken/v1 
Package bootstraptoken contains an API and utilities wrapping the
"bootstrap.kubernetes.io/token" Secret type to ease its usage in kubeadm.

The API is released as v1, since these utilities have been part of a
GA workflow for 10+ releases.

The "bootstrap.kubernetes.io/token" Secret type is also GA.
 2021-07-02 00:11:49 +03:00
Kubernetes Prow Robot
3f4c39bbd7 Merge pull request #103063 from neolit123/1.22-add-patches-to-v1beta3 
kubeadm: add support for patches in v1beta3; deprecate --experimental-patches
 2021-07-01 02:25:54 -07:00
Kubernetes Prow Robot
5c23b61247 Merge pull request #103327 from SataQiu/fix-write-config-to 
kube-scheduler: ensure the default config output of --write-to-config is usable
 2021-06-30 21:00:06 -07:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kubernetes Prow Robot
c206af0367 Merge pull request #103380 from vinayakankugoyal/bug 
Fix incorrect user and group for kube-scheduler when it is running as non-root.
 2021-06-30 17:21:53 -07:00
Vinayak Goyal
1c39cf2365 Fix incorrect user and group for kube-scheduler when it is running as non-root. 2021-06-30 11:28:15 -07:00
Lukasz Szaszkiewicz
4a2aef00d6 adds metrics for authorization webhook 2021-06-30 09:26:25 +02:00
SataQiu
6c86c34457 kube-scheduler: ensure the default config output of --write-to-config is usable 2021-06-30 13:26:27 +08:00
Dave Chen
1fa673c15c Extent the NodeResourcesBalancedAllocation plugin to cover more resources 
Signed-off-by: Dave Chen <dave.chen@arm.com>
 2021-06-30 11:15:12 +08:00
maruiyan
da4aaf81cd Error should be checked first, then go to other steps. 2021-06-30 11:00:55 +08:00
Kubernetes Prow Robot
7eaf2ebab2 Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs 
kubeadm: fix wrong check for keys/certs during "download-certs"
 2021-06-29 14:54:20 -07:00
Kubernetes Prow Robot
e0f66be1aa Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score 
Add score func for NodeResourcesFit plugin
 2021-06-29 13:42:20 -07:00
Lubomir I. Ivanov
5c00024c70 kubeadm: fix wrong check for keys/certs during "download-certs" 
During "join" of new control plane machines, kubeadm would
download shared certificates and keys from the cluster stored
in a Secret. Based on the contents of an entry in the Secret,
it would use helper functions from client-go to either write
it as public key, cert (mode 644) or as a private key (mode 600).

The existing logic is always writing both keys and certs with mode 600.
Allow detecting public readable data properly and writing some files
with mode 644.

First check the data with ParsePrivateKeyPEM(); if this passes
there must be at least one private key and the file should be written
with mode 600 as private. If that fails, validate if the data contains
public keys with ParsePublicKeysPEM() and write the file as public
(mode 644).

As a result of this new logic, and given the current set of managed
kubeadm files, .key files will end up with 600, while .crt and .pub
files will end up with 644.
 2021-06-29 23:42:04 +03:00
Kubernetes Prow Robot
dae03ba921 Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics 
adds metrics for delegated authn
 2021-06-29 11:19:38 -07:00
yuzhiquan
deb14b995a Add score plugin for NodeResourcesFit 2021-06-29 13:16:55 -04:00
Lukasz Szaszkiewicz
322c18c147 adds metrics for authentication webhook 2021-06-29 09:49:14 +02:00
Kubernetes Prow Robot
bb309b5706 Merge pull request #103249 from wangyysde/update-kubeadm-help-msg 
correct example command of kubeadm help
 2021-06-28 14:24:28 -07:00
Kubernetes Prow Robot
883cacde77 Merge pull request #101413 from songxiao-wang87/run-test6 
Structured Logging migration: modify policy part logs of kube-controller-manager.
 2021-06-28 02:19:25 -07:00
wangyysde
39a373b162 correct example command of kubeadm help 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2021-06-28 16:12:52 +08:00
Kubernetes Prow Robot
015a0d9b01 Merge pull request #103130 from ahg-g/ahg-ca 
Add a function that returns default scheduler configuration
 2021-06-25 12:13:24 -07:00
David Ashpole
79550ed40c Add distributed tracing to the apiserver using OpenTelemetry 2021-06-25 05:20:27 -07:00
Kubernetes Prow Robot
042472d02d Merge pull request #103152 from navist2020/remove/deprecatedFlags 
kubeadm:remove deprecated flags CSROnly and CSRDir
 2021-06-24 16:38:19 -07:00
Kubernetes Prow Robot
82fe27a041 Merge pull request #103080 from krak7602/feat-test 
Stop using github.com/pkg/errors
 2021-06-24 15:27:40 -07:00
Kubernetes Prow Robot
2e93b3924a Merge pull request #101943 from saschagrunert/seccomp-default 
Add kubelet `SeccompDefault` alpha feature
 2021-06-24 13:07:41 -07:00
Abdullah Gharaibeh
b6a317aeaf add a function that returns default scheduler configuration 2021-06-24 11:48:35 -04:00
Kubernetes Prow Robot
06dfe683ce Merge pull request #103123 from dims/remove-fakefs-to-drop-spf13/afero-dependency 
Remove fakefs to drop spf13/afero dependency
 2021-06-24 07:57:41 -07:00
Davanum Srinivas
5feff280e1 remove fakefs to drop spf13/afero dependency 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-06-24 09:51:34 -04:00
navist2020
538e7777c3 kubeadm:remove deprecated flags CSROnly and CSRDir 2021-06-24 18:28:43 +08:00
Kubernetes Prow Robot
b0010c2d9e Merge pull request #103066 from MikeSpreitzer/apf-no-00 
Add config checking for inflight limits
 2021-06-23 18:25:40 -07:00
Kubernetes Prow Robot
3a07d96d25 Merge pull request #99412 from enj/enj/i/ttl_backdate 
csr: correctly handle backdating of short lived certs
 2021-06-23 15:00:10 -07:00