Commit Graph

19857 Commits

Author SHA1 Message Date
Taahir Ahmed
ecfdc8fda5 Define ClusterTrustBundlePEM projected volume
This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespaced-scoped TrustBundle object, which came up during
KEP discussion.

* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the project must specify a
  name and path.
* Add TODO covering admission control to forbid mirror pods from using
  the projection.

Part of KEP-3257.
2023-11-03 11:40:48 -07:00
Taahir Ahmed
0fd1362782 ClusterTrustBundles: ClusterTrustBundleProjection feature gate 2023-11-03 11:40:48 -07:00
Kubernetes Prow Robot
c3eebb233d Merge pull request #121709 from aramase/aramase/f/authn_user_info_fix
[StructuredAuthn] Ensure empty fields of user object are accessible by CEL
2023-11-03 03:16:04 +01:00
Kubernetes Prow Robot
fb9c94b3a5 Merge pull request #121705 from liggitt/authz-config-webhook-test
Add multi-webhook integration test
2023-11-03 01:29:52 +01:00
Anish Ramasekar
b693f09d54 [StructuredAuthn] Ensure empty fields of user object are accessible by
CEL

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-02 22:53:06 +00:00
Jordan Liggitt
44d89c8cf8 Include empty string attributes for CEL authz evaluation 2023-11-02 16:56:52 -04:00
Jordan Liggitt
2e2f51a441 Plumb failure policy from config to webhook construction 2023-11-02 16:56:51 -04:00
Jordan Liggitt
a000af25ff Require match condition version only if matchConditions are specified 2023-11-02 13:54:39 -04:00
Mohamed Omar Zaian
3c268b7524 etcd: Update to version 3.5.10 2023-11-02 10:30:41 +01:00
Kubernetes Prow Robot
227d1b2357 Merge pull request #119762 from AxeZhan/PollUntilContextCancel
wait.PollUntilContextCancel immediately executes condition once
2023-11-02 05:40:03 +01:00
Kubernetes Prow Robot
974735854b Merge pull request #121573 from tukwila/bump_etcd_v3.5.10
bump etcd newest version: v3.5.10
2023-11-01 15:33:13 +01:00
Patrick Ohly
878d037d3b dependencies: klog v2.110.1
Dropping a newline at the end of the message when using klog calls is an
intentional improvement (https://github.com/kubernetes/klog/pull/378)
2023-11-01 09:32:20 +01:00
guangli.bao
bc1df9e7da bump to newest etcd: v3.5.10
Signed-off-by: guangli.bao <guangli.bao@daocloud.io>
2023-11-01 11:59:31 +08:00
Humble Chirammal
3890546265 Update APIs and adjust tests
Signed-off-by: zhucan <zhucan.k8s@gmail.com>
Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
2023-11-01 09:28:36 +05:30
Kubernetes Prow Robot
6abff7457e Merge pull request #116516 from aojea/servicecidr
KEP-1880 Multiple ServiceCIDR (and IPAddress allocation)
2023-11-01 03:52:24 +01:00
Kubernetes Prow Robot
593a17d3b6 Merge pull request #121575 from apelisse/update-smd
Update sigs.k8s.io/structured-merge-diff to v4.4.0
2023-11-01 01:51:17 +01:00
Kubernetes Prow Robot
257b8c3666 Merge pull request #121046 from danwinship/nftables
kube-proxy nftables backend
2023-11-01 01:50:59 +01:00
Kubernetes Prow Robot
fafccc0c9a Merge pull request #121078 from aramase/aramase/f/kep_3331_cel_integration
Implement CEL for StructuredAuthenticationConfig
2023-11-01 00:33:21 +01:00
Kubernetes Prow Robot
715cd17c0d Merge pull request #121645 from p0lyn0mial/upstream-fix-race-in-test-forget-watcher
bring back: cacher: when forgetting a watcher, call stopWatcherLocked multiple times
2023-10-31 22:57:08 +01:00
Dan Winship
1a6b9b811e Simplify nftables/proxier.go by removing localhost nodeport support
and related route_localnet setting / anti-martian-packet rule
2023-10-31 17:33:53 -04:00
Dan Winship
a70653143e Add a dummy nftables kube-proxy backend which is just a copy of iptables 2023-10-31 17:31:42 -04:00
Antonio Ojea
fee07ad608 make update with the new API with arrays 2023-10-31 21:05:58 +00:00
Antonio Ojea
513fdb5422 describer: use new ServiceCIDR API
Change-Id: Iff11c70f20bab3e55e4e569fb110ef25dd6dd97e
2023-10-31 21:05:06 +00:00
Antonio Ojea
c3d9b77d94 update ServiceCIDR API: replace IPv4,IPv6 fields by an array of strings
https://docs.google.com/document/d/1-CKDPRHsG6XfnGs-Bb7ptWgDtTq9-hj8aJQpGz1CSh8/edit

Change-Id: If7134a5553b4ecc12b1d58ffc52ebb9f8594778a
2023-10-31 21:05:06 +00:00
Antonio Ojea
8182c4d9ec make update
Change-Id: I4007d4f6dda24b5c74f602d35191556f315de222
2023-10-31 21:05:05 +00:00
Antonio Ojea
7e77e8b21d kubectl describe
Change-Id: I0664e11a3a5549e1cc9602b22dcaf294200792a4
2023-10-31 21:05:04 +00:00
Antonio Ojea
632081a907 add ServiceCIDR APIs
Change-Id: Ia084c5505e43033ac34449031a1d32418ca326fd

Change-Id: Iafc236d456f7185a5c89a65d7b96245e04060013
2023-10-31 21:05:04 +00:00
Kubernetes Prow Robot
3631efd85c Merge pull request #121651 from jiahuif-forks/fix/cel/type-resolver-safe-guard
CEL type resolvers: avoid infinite recursion for type resolvers.
2023-10-31 21:50:37 +01:00
Anish Ramasekar
26e3a03d12 Implement CEL and wire it with OIDC authenticator
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-10-31 20:16:09 +00:00
Kubernetes Prow Robot
dba565193c Merge pull request #121104 from carlory/kep-3751-api-changes
[KEP-3571] introduce the VolumeAttributesClass API
2023-10-31 20:23:50 +01:00
Kubernetes Prow Robot
07d2da75bd Merge pull request #120707 from Jefftree/csa-openapiv3
Use OpenAPI V3 for client side SMP
2023-10-31 20:23:27 +01:00
Lukasz Szaszkiewicz
7e35823690 cacher: when forgetting a watcher, call stopWatcherLocked multiple times
It's possible that the watcher is already not in the structure (e.g. in case of
simultaneous Stop() and terminateAllWatchers()), but it is safe to call stopLocked()
on a watcher multiple times.
2023-10-31 19:43:35 +01:00
Kubernetes Prow Robot
0294521985 Merge pull request #121649 from enj/enj/c/ec_controller_ctx
encryptionconfig/controller: run unit tests faster
2023-10-31 19:16:56 +01:00
Kubernetes Prow Robot
3570075e4f Merge pull request #121647 from aojea/fixrace
Revert "cacher: when forgetting a watcher, call stopWatcherLocked mult…
2023-10-31 19:16:47 +01:00
Kubernetes Prow Robot
be636a436b Merge pull request #121646 from kubernetes/revert-121614-decode-respect-timeout-context
Revert "Make the decode function respect the timeout context"
2023-10-31 19:16:38 +01:00
Kubernetes Prow Robot
d1113c9a00 Merge pull request #121577 from cici37/celFixPick
Bump cel-go to v0.17.7 and introduce set ext library with new options
2023-10-31 19:16:29 +01:00
Kubernetes Prow Robot
418e9d08a4 Merge pull request #120592 from AxeZhan/validation_sets
Use generic set in package "/pkg/apis/core/validation"
2023-10-31 19:16:02 +01:00
Kubernetes Prow Robot
5d03ce7ae4 Merge pull request #120354 from aroradaman/proxy-conntrack-api
Add support for `nf_conntrack_tcp_be_liberal` sysctl to kube-proxy
2023-10-31 19:15:44 +01:00
Jiahui Feng
e4776e0f85 avoid infinite recursion for type resolvers. 2023-10-31 10:23:50 -07:00
Jefftree
eb32969ab8 Lazy load OpenAPIV2 2023-10-31 12:45:45 -04:00
Jefftree
f23ab829be Add feature toggle for OpenAPI V3 apply in kubectl 2023-10-31 12:45:45 -04:00
Jefftree
e7216c6623 use OpenAPIV3 for kubectl diff 2023-10-31 12:45:45 -04:00
Jefftree
4f3b0b1518 Use OpenAPI V3 for client side SMP 2023-10-31 12:45:45 -04:00
Anish Ramasekar
6b971153d7 add new fields in v1alpha1 StructuredAuthenticationConfiguration
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-10-31 16:45:01 +00:00
Monis Khan
6ac7da1da8 encryptionconfig/controller: run unit tests faster
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-10-31 11:59:37 -04:00
Antonio Ojea
c2cb320913 Revert "cacher: when forgetting a watcher, call stopWatcherLocked multiple times"
This reverts commit bbca4a4b9a.
2023-10-31 15:28:01 +00:00
Wojciech Tyczynski
98a2f22e74 Revert "Make the decode function respect the timeout context" 2023-10-31 16:27:17 +01:00
Kubernetes Prow Robot
74fefd877f Merge pull request #121638 from tkashem/apf-ga
apiserver: set APF featuregate to stable
2023-10-31 15:57:57 +01:00
Abu Kashem
c7fcef1875 apiserver: set APF featuregate to ga 2023-10-31 08:46:24 -04:00
Kubernetes Prow Robot
5bac451d1f Merge pull request #121615 from p0lyn0mial/upstream-cacher-forget-watcher
cacher: when forgetting a watcher, call stopWatcherLocked multiple times
2023-10-31 13:14:14 +01:00