github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
70,722 Commits 1 Branch 31 Tags 1,019 MiB
f2e2a930f9
Commit Graph

31 Commits

Author SHA1 Message Date
Cheng Xing
94d649b590 Rearranged feature flags 2018-09-07 17:45:27 -07:00
Cheng Xing
becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00
Michael Taufen
1b7d06e025 Kubelet creates and manages node leases 
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.

- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
 2018-08-26 16:03:36 -07:00
yue9944882
bc1fb1f7e8 node authz/ad externalization 2018-08-09 10:57:30 +08:00
jennybuckley
adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Mike Danese
f39ec8b333 add myself as an approver in various auth related directories 
matching the subprojects I work on:

https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
 2018-05-17 11:32:37 -07:00
Jordan Liggitt
15bcfd5e00
Prevent nodes from updating taints 2018-05-15 13:54:33 -04:00
Jordan Liggitt
8161033be4
Make node restriction admission pod lookups use an informer 2018-05-10 07:53:46 -04:00
Michael Taufen
c41cf55a2c explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap 
This makes the Kubelet config key in the ConfigMap an explicit part of
the API, so we can stop using magic key names.

As part of this change, we are retiring ConfigMapRef for ConfigMap.
 2018-05-08 15:37:26 -07:00
Mike Danese
b43cd7307d noderestriction: restrict nodes TokenRequest permission 
nodes should only be able to create TokenRequests if:
* token is bound to a pod
* binding has uid and name
* the pod exists
* the pod is running on that node
 2018-02-26 13:46:19 -08:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
Cao Shufeng
4e7398b67b remove duplicated import 2018-01-17 09:34:59 +08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Hemant Kumar
1b76b0b2ff Allow node to update PVC's status 
Implement node policy feature gates
Add tests for node policy update
 2017-11-22 14:32:50 -05:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
aedcf681b3 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 2017-11-02 09:29:55 +01:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Michael Taufen
443d58e40a Dynamic Kubelet Configuration 
Alpha implementation of the Dynamic Kubelet Configuration feature.
See the proposal doc in #29459.
 2017-08-08 12:21:37 -07:00
Daniel Fernandes Martins
81ba522bbe Make NodeRestriction admission allow evictions for bounded pods 2017-07-20 14:20:03 -03:00
Kubernetes Submit Queue
80a0f555db Merge pull request #48748 from liggitt/node-restriction-message 
Automatic merge from submit-queue (batch tested with PRs 48405, 48742, 48748, 48571, 48482)

Improve node restriction message

Help debug https://github.com/kubernetes/kubernetes/issues/48687#issuecomment-314224531

/assign @luxas
 2017-07-12 08:05:20 -07:00
Jordan Liggitt
e3e25df5df
Improve node restriction message 2017-07-10 22:44:24 -04:00
Tim Allclair
a2f2e1d491 Name change: s/timstclair/tallclair/ 2017-07-10 14:05:46 -07:00
Jordan Liggitt
2106a2bbe5
Check live pod on cache miss before forbidding node deletion 2017-06-05 12:09:15 -04:00
Jordan Liggitt
fed30040c9
Make NodeRestriction admission require identifiable nodes 2017-05-30 15:15:23 -04:00
p0lyn0mial
c5019bf696 remove init blocks from all admission plugins 2017-05-23 22:00:32 +02:00
Jordan Liggitt
a26897362b
Use name from node object on create 2017-05-19 10:37:14 -04:00
Jordan Liggitt
6fd36792f1
Add NodeRestriction admission plugin 2017-05-18 16:43:42 -04:00