github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
79,755 Commits 1 Branch 31 Tags 1,019 MiB
eb145bef43
Commit Graph

513 Commits

Author SHA1 Message Date
Han Kang
54dcf5c9c4 add readyz endpoint for kube-apiserver readiness checks 
add startup sequence duration and readyz endpoint

add rbac bootstrapping policy for readyz

add integration test around grace period and readyz

rename startup sequence duration flag

copy health checks to fields

rename health-check installed boolean, refactor clock injection logic

cleanup clock injection code

remove todo about poststarthook url registration from healthz
 2019-06-17 11:16:13 -07:00
Morten Torkildsen
f1883c9e8c Support scale subresource for PDBs (#76294) 
* Support scale subresource for PDBs

* Check group in finder functions

* Small fixes and more tests
 2019-05-23 22:24:17 -07:00
Kubernetes Prow Robot
d5876954e1
Merge pull request #76178 from humblec/endpoint 
Create endpoint/service early to avoid unwanted create/delete volume transaction.
 2019-05-22 09:58:09 -07:00
Zihong Zheng
bff5f08e19 Allow service controller role to patch service status 
Co-authored-by: Josh Horwitz <horwitzja@gmail.com>
 2019-05-16 17:30:43 -07:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Humble Chirammal
7544b53693 Create endpoint/service early to avoid unwanted create/delete volume transaction. 
At times, for some reason endpoint/service creation can fail in a setup. As we
currently create endpoint/service after volume creation, later we need rollback
of this volume transaction if endpoint/service creation failed. Considering
endpoint/service creation is light weight, this patch promote endpoint/service
creation to an early stage.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
 2019-04-10 19:06:27 +05:30
Guoliang Wang
128fd8843d Move cloud-specific roles out of RBAC bootstrap 2019-04-02 19:17:53 +08:00
Kubernetes Prow Robot
531dbd409f
Merge pull request #75445 from shinytang6/enhance/fmt 
Replace all time.Now().Sub with time.Since
 2019-03-26 13:55:17 -07:00
WanLinghao
244b244f9d Migrate the controller to use TokenRequest and rotate token periodically 2019-03-25 14:54:22 +08:00
shinytang6
5c9f4d9dc6 replace time.Now().Sub with time.Since 2019-03-21 18:02:55 +08:00
Tim Allclair
0604256d6c Update tests for RuntimeClass beta 2019-03-08 13:21:52 -08:00
David Zhu
41b3579345 Address review comments 2019-03-07 17:17:09 -08:00
David Zhu
7d2f4e97b8 Add ADC Fallback if Node doesn't have driver installed 2019-03-07 14:47:38 -08:00
Kubernetes Prow Robot
6c31101257
Merge pull request #74283 from xing-yang/csi_crd_controller 
CSINodeInfo and CSIDriver Controller Changes
 2019-03-05 04:44:42 -08:00
Kubernetes Prow Robot
02bd34e7b0
Merge pull request #74531 from liggitt/ingress-rbac 
Update RBAC roles for networking.k8s.io ingresses
 2019-03-05 00:48:01 -08:00
Xing Yang
85867e5625 Modify node admission and node authorizer 2019-03-04 16:42:12 -08:00
Kubernetes Prow Robot
f16035600a
Merge pull request #73807 from dekkagaijin/discovery-hardening 
harden the default RBAC discovery clusterrolebindings
 2019-03-01 21:49:30 -08:00
Jake Sanders
9c7d31928d harden the default RBAC discovery clusterrolebindings 2019-03-01 18:45:05 -08:00
Andrew Kim
01933b02a3 replace usage of v1beta1 VolumeAttachments with v1 2019-02-27 15:42:12 -05:00
Jordan Liggitt
85165b40fa Update RBAC roles for networking.k8s.io ingresses 2019-02-25 11:40:44 -05:00
Kubernetes Prow Robot
834c9a5e3d
Merge pull request #72491 from liggitt/delegated-auth-permissions 
Ensure controller manager and scheduler can perform delegated auth checks
 2019-02-08 11:53:52 -08:00
Jordan Liggitt
4212a9a05a Ensure controller manager and scheduler can perform delegated auth checks 2019-02-08 11:15:52 -05:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Jordan Liggitt
52519ecb1c remove deprecated openapi paths in favor of /openapi/v2 2019-01-21 16:33:41 -05:00
Jordan Liggitt
9229399bd6 Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config 2019-01-15 13:33:06 -05:00
Jordan Liggitt
73dcfe12da Stop checking VolumeScheduling feature gate 2018-12-27 17:45:45 -05:00
wojtekt
546ece7b2c Promote NodeLease to Beta and enable by default 2018-12-17 10:19:22 +01:00
k8s-ci-robot
5289fab2f6
Merge pull request #71396 from liggitt/forbidden-messages 
Improve node authorizer and noderestriction forbidden messages
 2018-11-30 00:04:46 -08:00
WanLinghao
0bab5ee5ad Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate. 
But its corresponding bootstrap RBAC policy was shadowed by TokenRequest feature gate.
This patch fix it.
 2018-11-27 11:44:35 +08:00
Jordan Liggitt
16e355791f Improve node authorizer and noderestriction forbidden messages 2018-11-24 09:31:10 -05:00
Jordan Liggitt
8d7cc39031 Remove self-deletion permissions from kubelets 2018-11-14 00:42:06 -05:00
k8s-ci-robot
94c5953904
Merge pull request #70699 from liggitt/controllerrevisions 
Include read access to controllerrevisions for admin/edit/view roles
 2018-11-11 21:17:39 -08:00
Davanum Srinivas
954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
k8s-ci-robot
f212b9db23
Merge pull request #70598 from dims/switch-from-sigs.k8s.io/yaml-to-ghodss/yaml 
Switch to sigs.k8s.io/yaml from ghodss/yaml
 2018-11-08 10:57:36 -08:00
k8s-ci-robot
3f5db92840
Merge pull request #68812 from WanLinghao/token_projection_ca_secret_create 
Create Ca-certificate configmap  used by token projected volume
 2018-11-08 10:57:25 -08:00
WanLinghao
efac533f92 To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace. 
This patch add a controller called "root-ca-cert-publisher" to complete above job as well as some bootstrap rbac policies.
 2018-11-08 11:33:47 +08:00
Davanum Srinivas
43f523d405
Switch to sigs.k8s.io/yaml from ghodss/yaml 
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31
 2018-11-07 13:17:32 -05:00
Jordan Liggitt
001627000f Include read access to controllerrevisions for admin/edit/view roles 2018-11-06 10:23:39 -05:00
Jordan Liggitt
4cbdc98df3 node-isolation approvers/reviewers 2018-11-06 00:57:39 -05:00
Jordan Liggitt
9ae79f9653 authorizers subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Jordan Liggitt
4fa2a0cc8a authenticators subproject approvers/reviewers 2018-11-06 00:57:38 -05:00
Samuel Davidson
3558f83957 Revert "Improve multi-authorizer errors" 
This reverts commit 1c012f1c49.
 2018-10-29 11:05:45 -07:00
zuoxiu.jm
e3b61ea9cf switch informer in token authn 2018-10-24 15:46:55 +08:00
Mike Danese
e5227216c0 rebase authenticators onto new interface. 2018-10-22 10:16:59 -07:00
Eric Chiang
766f5875bf Remove ericchiang from OWNERS files 
Kept myself in the OpenID Connect ones for now.
 2018-10-11 18:11:15 -07:00
Yu Liao
fc21115c3f Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s.io/cluster-bootstrap 2018-10-02 09:46:13 -07:00
Dalton Hubble
dfc3c83e64 Add configmap get to system:kube-controller-manager 
* v1.12.x kube-controller-manager tries to get the
extension-apiserver-authentication ConfigMap by default
 2018-09-26 22:03:27 +02:00
Cheng Xing
4ca39ef0ed Consolidated CSIDriver logic under CSIDriverRegistry flag 2018-09-10 13:34:40 -07:00
Cheng Xing
94d649b590 Rearranged feature flags 2018-09-07 17:45:27 -07:00
Cheng Xing
becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00