github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
106,583 Commits 1 Branch 31 Tags
ef2e32ab65b6de5c6d7763cfea6a6aec79a6b594
Commit Graph

43953 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
267272efe0 Merge pull request #108251 from danwinship/iptables-tests-cleanup 
iptables tests cleanup
 2022-02-21 09:56:12 -08:00
Kubernetes Prow Robot
f50e076756 Merge pull request #107590 from ialidzhikov/golint/credentialprovider-plugin 
Nit: Replace `errors.New(fmt.Sprintf(...))` with `fmt.Errorf(...)`
 2022-02-21 06:34:14 -08:00
Dan Winship
d830ef6112 proxy/iptables: add HealthCheckNodePorts to unit tests that need them 
To avoid spurious errors in the test output:

  E0114 08:43:27.453974 3718376 service.go:221] "Service has no healthcheck nodeport" service="ns1/svc1"
 2022-02-21 09:16:23 -05:00
Dan Winship
d74df127e9 proxy/iptables: Fix up IPs and ports in unit tests 
All of the tests used a localDetector that considered the pod IP range
to be 10.0.0.0/24, but lots of the tests used pod IPs in 10.180.0.0/16
or 10.0.1.0/24, meaning the generated iptables rules were somewhat
inconsistent. Fix this by expanding the localDetector's pod IP range
to 10.0.0.0/8. (Changing the pod IPs to all be in 10.0.0.0/24 instead
would be a much larger change since it would result in the SEP chain
names changing.)

Meanwhile, the different tests were also horribly inconsistent about
what values they used for other IPs, and some of them even used the
same IPs (or ports) for different things in the same test case. Fix
these all up and create a consistent set of IP assignments:

// Pod IPs:             10.0.0.0/8
// Service ClusterIPs:  172.30.0.0/16
// Node IPs:            192.168.0.0/24
// Local Node IP:       192.168.0.2
// Service ExternalIPs: 192.168.99.0/24
// LoadBalancer IPs:    1.2.3.4, 5.6.7.8, 9.10.11.12
// Non-cluster IPs:     203.0.113.0/24
// LB Source Range:     203.0.113.0/25
 2022-02-21 09:16:22 -05:00
Dan Winship
37ada4b04f proxy/iptables: Don't create unused chains, and enable the unit test for that 2022-02-21 09:16:22 -05:00
Dan Winship
ef4324eaf5 proxy/iptables: refactor unit test code / fix error reporting 
Only run assertIPTablesRuleJumps() on the expected output, not on the
actual output, since if there's a problem with the actual output, we'd
rather see it as the diff from the expected output.
 2022-02-21 09:16:22 -05:00
Dan Winship
4af471f8be proxy/iptables: move GetChainLines unit tests to the right package 
GetChainLines is a utiliptables method, so it should be part of the
unit tests there.
 2022-02-21 09:16:22 -05:00
Wojciech Tyczyński
3016b3d8f8 Change storage.Interface to utilize recurisve parameter 2022-02-21 12:52:05 +01:00
ialidzhikov
f3fcfef5a7 Replace errors.New(fmt.Sprintf(...)) with fmt.Errorf(...) 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2022-02-20 11:23:48 +02:00
Abdullah Gharaibeh
8a1c70b48c Graduate PodAffinityNamespaceSelector to GA 2022-02-18 12:07:29 -05:00
andyzhangx
3867b3e1f8 increase Azure ACR credential provider timeout 2022-02-18 12:29:10 +00:00
Kubernetes Prow Robot
37a0b1a321 Merge pull request #108066 from marseel/dont_check_type_in_hostvolule_in_kubemark 
Turn off volumehost type check in kubemark clusters
 2022-02-18 00:38:24 -08:00
Kubernetes Prow Robot
15fb945348 Merge pull request #105070 from andyzhangx/patch-3 
feat: turn on CSIMigrationAzureFile by default on 1.24
 2022-02-17 20:40:22 -08:00
Kubernetes Prow Robot
8a6439d2b1 Merge pull request #108129 from ahg-g/ahg-suspend 
Graduate SuspendJob to GA
 2022-02-17 19:36:23 -08:00
Kubernetes Prow Robot
5699e6d3ea Merge pull request #108198 from liggitt/endpointslice-topology-strategy-fix 
Make EndpointSlice strategy move node name from topology map to field instead of discarding when updating via v1
 2022-02-17 17:20:49 -08:00
Kubernetes Prow Robot
9750666edb Merge pull request #107697 from kevindelgado/nested-decoding 
Nested decoders handle strict decoding errors
 2022-02-17 17:20:33 -08:00
Kubernetes Prow Robot
2134e971a6 Merge pull request #107684 from aojea/nodePortsOnLocalhost 
kube-proxy: only set route_localnet if required
 2022-02-17 16:14:48 -08:00
Kubernetes Prow Robot
ab97735dbf Merge pull request #108169 from deads2k/fix-rest-handlers 
convert rest storage to per-resource part 1 of...?
 2022-02-17 15:01:14 -08:00
Rob Scott
ba64f9b045 Updating EndpointSlice strategy to retain node name in topology until 
field is set

This fixes a bug where a partial EndpointSlice update could cause node
name information to be dropped from endpoints that were not updated.
 2022-02-17 17:41:17 -05:00
Kevin Delgado
6ab711c3ca Nested decoders handle strict decoding errors 
* Adds docs to the NestedObjectDecoder about handling strict decoding
errors.
* Updates all in-tree NestedObjectDecoder implementations and callers to
check for strict decoding errors before short-circuiting on error.
 2022-02-17 22:05:30 +00:00
Antonio Ojea
8b5fa408e0 kube-proxy: only set route_localnet if required 
kube-proxy sets the sysctl net.ipv4.conf.all.route_localnet=1
so NodePort services can be accessed on the loopback addresses in
IPv4, but this may present security issues.

Leverage the --nodeport-addresses flag to opt-out of this feature,
if the list is not empty and none of the IP ranges contains an IPv4
loopback address this sysctl is not set.

In addition, add a warning to inform users about this behavior.
 2022-02-17 20:20:31 +01:00
Abdullah Gharaibeh
957f1892d3 fix typo 2022-02-17 12:53:27 -05:00
Kubernetes Prow Robot
e8d0009746 Merge pull request #108143 from tallclair/apparmor 
Forbid empty AppArmor localhost profile
 2022-02-16 12:46:44 -08:00
David Eads
132fbf4192 convert rest storage to per-resource 2022-02-16 14:19:29 -05:00
Kubernetes Prow Robot
2d2a7272fc Merge pull request #107670 from 249043822/br-notfound 
Suppress container not found errors in container runtime getPodStatuses
 2022-02-16 10:00:37 -08:00
Kubernetes Prow Robot
f538b0b105 Merge pull request #108017 from denkensk/add-flush-flag 
Add a deprecated cmd flag for the time interval between flushing pods from unschedualbeQ to activeQ or backoffQ.
 2022-02-16 07:56:38 -08:00
Alex Wang
87549203e9 add deprecated flag for flush pods to activeq interval 2022-02-16 11:05:52 +08:00
KeZhang
3946d99904 Ignore container notfound error while getPodstatuses 2022-02-16 08:55:19 +08:00
Tim Allclair
5f2b12e0d4 Move AppArmor profile validation to the API validation pkg 2022-02-15 16:17:37 -08:00
Tim Allclair
455f7c278c Add AppArmor OWNERS file 2022-02-15 16:05:27 -08:00
Tim Allclair
f780889d4c Forbid empty AppArmor localhost profile 2022-02-15 14:46:51 -08:00
Kubernetes Prow Robot
efa5692c0b Merge pull request #108045 from hakman/deprecate_pod-infra-container-image 
Mark pod-infra-container-image flag as deprecated
 2022-02-15 13:17:19 -08:00
Kubernetes Prow Robot
4033355d29 Merge pull request #107909 from sebastiansterk/master 
🤓 simple grammar fix
 2022-02-15 12:15:18 -08:00
Abdullah Gharaibeh
b2d2ec9e76 Graduate SuspendJob to GA 2022-02-15 10:46:13 -05:00
Quan Tian
5bd9892c94 Fix incorrect parameters in EndpointsEqualBeyondHash 2022-02-15 21:30:28 +08:00
Kubernetes Prow Robot
e42e2e877f Merge pull request #107527 from wojtek-t/remove_selflink_ga 
Graduate RemoveSelfLink to Stable
 2022-02-14 19:46:02 -08:00
Kubernetes Prow Robot
64e83a7e43 Merge pull request #107945 from saschagrunert/cri-verbose 
Add support for CRI `verbose` fields
 2022-02-14 17:58:12 -08:00
Kubernetes Prow Robot
1ae7da0b68 Merge pull request #108109 from eddiezane/ez/update-sig-cli-owners 
Update sig-cli OWNERS
 2022-02-14 12:06:30 -08:00
Kubernetes Prow Robot
dea5589b1b Merge pull request #107701 from kinderyj/perf/new-logic-optimiz-for-DetermineVolumeAction 
perf:logic-optimiz-for-DetermineVolumeAction
 2022-02-14 10:59:45 -08:00
Eddie Zaneski
040d575e9f Update sig-cli OWNERS 
Signed-off-by: Eddie Zaneski <eddiezane@gmail.com>
 2022-02-14 10:55:35 -07:00
Wojciech Tyczyński
b3267092fa Remove SelfLink from autogenerating applyconfigurations 2022-02-14 18:35:54 +01:00
Wojciech Tyczyński
2169997dfe Remove Selflink from convertors 2022-02-14 18:25:12 +01:00
Kubernetes Prow Robot
b591acca57 Merge pull request #108047 from wojtek-t/fix_event_update 
Fix validation of event updates
 2022-02-14 02:27:28 -08:00
Wojciech Tyczyński
8b758fb3b9 Remove selflink references in api tests 2022-02-14 11:11:56 +01:00
Kubernetes Prow Robot
21c0f6f6ff Merge pull request #107677 from pohly/scheduler-integration-benchmark 
scheduler integration benchmark improvements
 2022-02-14 01:23:28 -08:00
Ciprian Hacman
57638ae7a1 Mark pod-infra-container-image flag as deprecated 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-02-14 09:11:51 +02:00
Kubernetes Prow Robot
39ccd6f3f9 Merge pull request #108090 from aojea/slice_topology_error 
endpointslice: don't try to update topology cache if node informer error
 2022-02-12 16:19:46 -08:00
Matthias Bertschy
9500ee9d9c container_manager: use oomScoreAdj instead of default when set 2022-02-12 15:23:13 +01:00
Kubernetes Prow Robot
1659924a97 Merge pull request #108070 from jsafrane/remove-selinux 
Remove util/selinux package
 2022-02-11 18:19:47 -08:00
Kubernetes Prow Robot
1f041ccd54 Merge pull request #107887 from bertinatto/fix-panic-kubelet 
Fix panic in Kubelet
 2022-02-11 12:58:07 -08:00