github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,390 Commits 1 Branch 31 Tags 1,019 MiB
fcd6c19c24
Commit Graph

3973 Commits

Author SHA1 Message Date
Cici Huang
13172cba5c
ValidatingAdmissionPolicy: support namespace access (#118267) 
* Support namespace access from cel expression in validatingadmissionpolicy.

* Whitelist the exposed fields in namespace object and add test

* better handling of cluster-scoped resources.

* [API REVIEW] namespaceObject in Expression doc.

* compatibility with composition.

* generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh

* workaround namespace of namespace is unexpectedly set.

* basic test coverage for namespaceObject.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>
 2023-07-14 17:53:08 -07:00
Shiming Zhang
3e2a1a7b9c Regenerate 2023-07-14 09:43:16 +08:00
Shiming Zhang
14b09c414a Add DownwardAPI validation for status.hostIPs 2023-07-14 09:35:31 +08:00
Shiming Zhang
bf030fd68a Add validate HostIPs 2023-07-14 09:35:30 +08:00
Shiming Zhang
267e76a66e Add status.hostIPs in validEnvDownwardAPIFieldPathExpressions 2023-07-14 09:35:30 +08:00
Shiming Zhang
c287943bdd Add status.hostIPs in ConvertDownwardAPIFieldLabel 2023-07-14 09:35:30 +08:00
Shiming Zhang
7a81ef6406 Add fuzzer for PodStatus 2023-07-14 09:35:30 +08:00
Shiming Zhang
e061143de7 Add HostIPs field and update PodIPs field 2023-07-14 09:35:30 +08:00
Mike Spreitzer
ce90eb2cc2 Fix validation to use field.Forbidden instead of Required 
Co-authored-by: David Eads <deads2k@users.noreply.github.com>
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:02:28 +00:00
Abu Kashem
3754d2da20 apf: allow admin to change the Exempt field only of the exempt pl 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:01:29 +00:00
Abu Kashem
f8e4e8abac apf: add validation to exempt for borrowing 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:01:09 +00:00
Mike Spreitzer
f78d6062eb Update generated code for APF borrowing by exempt 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 01:00:06 +00:00
Mike Spreitzer
a9d8cace1f Fix AutoUpdateAnnotationKey, NominalConcurrencyShares 
Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com>
 2023-07-14 00:47:58 +00:00
Abu Kashem
3d3240c8b4 apf: add API changes for borrowing by exempt pl 2023-07-14 00:47:28 +00:00
Jiahui Feng
b635f2a401
ValidatingAdmissionPolicy: Variable Composition (#118642) 
* [API REVIEW] Variable Composition

* lazy map.

* variable composition implementation.

* check variables during VAP validation.

* generated: ./hack/update-vendor.sh

* generated: UPDATE_COMPATIBILITY_FIXTURE_DATA

(cd staging/src/k8s.io/api/ && env UPDATE_COMPATIBILITY_FIXTURE_DATA=true go test)

* cost calucation.

* tests for cost calculations.

* e2e test for variables.

* fix doc for Validation.Expression.

* generated: ./hack/update-codegen.sh

* fix missing utilruntime import.

* generated: ./hack/update-openapi-spec.sh
 2023-07-13 17:13:28 -07:00
Kubernetes Prow Robot
fc798a8dc1
Merge pull request #118520 from jpbetz/validate-unique 
Add merge map key validation to StorageVersions
 2023-07-13 14:43:49 -07:00
Kubernetes Prow Robot
a9e40bd7c6
Merge pull request #114307 from rphillips/promote_probe_termination_grace_period 
ProbeTerminationGracePeriod promote to GA
 2023-07-13 13:41:38 -07:00
Kubernetes Prow Robot
3f1704dfbd
Merge pull request #119296 from pohly/dra-pod-resource-claim-status-validation 
dra API: ensure that pod status contains no duplicate resource claims
 2023-07-13 12:39:49 -07:00
Patrick Ohly
ddc0d94790 dra API: ensure that pod status contains no duplicate resource claims 
This is a follow-up to https://github.com/kubernetes/kubernetes/pull/117351
which just got merged.
 2023-07-13 18:41:40 +02:00
dprotaso
610509fedd Update standard app protocols 
Add websocket support - see https://github.com/kubernetes/enhancements/pull/3996
 2023-07-12 08:28:50 -04:00
Patrick Ohly
0fc62d5ded dra: generated files 2023-07-11 14:23:48 +02:00
Patrick Ohly
444d23bd2f dra: generated name for ResourceClaim from template 
Generating the name avoids all potential name collisions. It's not clear how
much of a problem that was because users can avoid them and the deterministic
names for generic ephemeral volumes have not led to reports from users. But
using generated names is not too hard either.

What makes it relatively easy is that the new pod.status.resourceClaimStatus
map stores the generated name for kubelet and node authorizer, i.e. the
information in the pod is sufficient to determine the name of the
ResourceClaim.

The resource claim controller becomes a bit more complex and now needs
permission to modify the pod status. The new failure scenario of "ResourceClaim
created, updating pod status fails" is handled with the help of a new special
"resource.kubernetes.io/pod-claim-name" annotation that together with the owner
reference identifies exactly for what a ResourceClaim was generated, so
updating the pod status can be retried for existing ResourceClaims.

The transition from deterministic names is handled with a special case for that
recovery code path: a ResourceClaim with no annotation and a name that follows
the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod
claim and gets added to the pod status.

There's no immediate need for it, but just in case that it may become relevant,
the name of the generated ResourceClaim may also be left unset to record that
no claim was needed. Components processing such a pod can skip whatever they
normally would do for the claim. To ensure that they do and also cover other
cases properly ("no known field is set", "must check ownership"),
resourceclaim.Name gets extended.
 2023-07-11 14:23:48 +02:00
twelcon
70f979c8da
Alert message improved according to standards 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-07-10 17:13:35 +05:30
Gunju Kim
c187b38117 Sidecar: Generated code 2023-07-07 21:39:35 +00:00
Gunju Kim
5d26bcd468 Sidecar: API changes 
- Add SidecarContaienrs feature gate
- Add ContainerRestartPolicy type
- Add RestartPolicy field to the Container
- Drop RestartPolicy field if the feature is disabled
- Add validation for the SidecarContainers
- Allow restartable init containaers to have a startup probe
 2023-07-07 21:39:34 +00:00
Kubernetes Prow Robot
cd32adebd9
Merge pull request #118386 from Richabanker/enhance-storage-version 
Add servedVersions info in StorageVersion API
 2023-07-05 19:23:02 -07:00
Kubernetes Prow Robot
c2b7d25ff8
Merge pull request #118691 from giuseppe/drop-check-for-volumes 
apis: drop check for volumes with user namespaces
 2023-06-29 16:23:56 -07:00
Richa Banker
1c48b7ec14 Add servedVersions info in StorageVersion API 2023-06-29 15:40:54 -07:00
Kubernetes Prow Robot
960830bc66
Merge pull request #118102 from RomanBednar/retro-sc-assignment-ga 
graduate RetroactiveDefaultStorageClass feature to GA in 1.28
 2023-06-27 20:46:32 -07:00
Giuseppe Scrivano
556d713a4a
apis: drop check for volumes with user namespaces 
The second phase of user namespaces support was related to supporting
only stateless pods.  Since the changes were accepted for the KEP, now
the scope is extended to support stateful pods as well.  Remove the
check that blocks creating PODs with volumes when using user namespaces.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2023-06-22 15:15:42 +02:00
twelcon
9d4b489107
Renaming restartPolicy to containerRestartPolicy for better calrity 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-21 12:33:14 +05:30
twelcon
01c2c4f35f
Error test cases added 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-20 19:42:17 +05:30
twelcon
a609beb6b1
Decline on resizePolicy if the restartPolicy is Never 
Signed-off-by: twelcon <mastermind12210@gmail.com>
 2023-06-20 18:48:47 +05:30
Kubernetes Prow Robot
1de217b095
Merge pull request #118278 from mimowo/fix-pod-failure-policy-comments 
Update podFailurePolicy comment from alpha-level to beta
 2023-06-12 13:46:49 -07:00
Roman Bednar
ac15d69757 remove RetroactiveDefaultStorageClass feature gate checks 2023-06-07 14:31:16 +02:00
Roman Bednar
6afb363ca1 test: remove RetroactiveDefaultStorageClass feature gate 
Since the feature is GA and locked to true, tests can no longer set it
to false. Cleaning up by removing all references to this feature gate
from tests.

Feature gate will be removed in v1.29.
 2023-06-07 14:31:16 +02:00
Roman Bednar
97a81a59f6 test: correct validation test error message 2023-06-07 14:31:16 +02:00
kerthcet
96ab232f5f Remove reasons from PodConditionType 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2023-06-07 11:47:47 +08:00
Joe Betz
b5db644422 Add merge map key validation to StorageVersions 2023-06-06 20:26:43 -04:00
Kubernetes Prow Robot
0bb17a88fa
Merge pull request #116741 from gjkim42/promote-expanded-dns-config-to-ga 
Promote ExpandedDNSConfig feature to the GA stage
 2023-05-30 18:19:56 -07:00
Michal Wozniak
926bc9bf8e Update podFailurePolicy comment from alpha-level to beta 2023-05-26 10:24:36 +02:00
Kubernetes Prow Robot
bc6cbdabbe
Merge pull request #117852 from tenzen-y/replace-deprecated-sets 
Job: Use generic Set in validation
 2023-05-24 14:47:00 -07:00
Kubernetes Prow Robot
b2522655b3
Merge pull request #117047 from charles-chenzz/add_continue 
replace deprecated set.String in storage/validation
 2023-05-24 02:48:49 -07:00
aleskandro
4c9887e3eb Updating the nodeAffinity of gated pods having nil affinity should be allowed 2023-05-18 07:44:34 +02:00
Joe Betz
f0f92853ad Add api-machinery TL owners permissions for jpbetz 2023-05-15 11:09:54 -04:00
Kubernetes Prow Robot
8479db5876
Merge pull request #117946 from lavalamp/lavalamp-taking-a-break 
lavalamp is taking a long break
 2023-05-12 14:34:47 -07:00
Yuki Iwai
2e2afc7fd2 Job: Use generic Set in validation 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-12 03:26:25 +09:00
Kubernetes Prow Robot
367180d781
Merge pull request #117933 from tenzen-y/replace-deprecated-Prt-utils 
Job: Replace deprecated pointer utils with supported ones
 2023-05-11 09:59:14 -07:00
Daniel Smith
1ffe3f467e lavalamp is taking a long break 2023-05-11 16:43:38 +00:00
Yuki Iwai
de882f5193 Job: Replace deprecated pointer utils with supported ones 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-11 19:29:14 +09:00
Tim Hockin
4bbf611773
Retool validation for pod HostNetwork ports 
This will ensure that HostPort == ContainerPort for pods and that
HostPort == 0 || HostPort == ContainerPort for embedded PodSpecs.
 2023-05-09 18:10:44 -07:00
Tim Hockin
ec3379a717
Do hostNet Pod-ports -> hostPorts in Pod defaults 
Rather than doing it in PodSpec defaulting, which triggers in
Deployments and DaemonSets, do it only when a Pod is actually in play.
 2023-05-09 18:10:20 -07:00
Kubernetes Prow Robot
6442024f1c
Merge pull request #116779 from jpbetz/cel-ratcheting 
Controlled rollout of CEL libraries and language feautres
 2023-05-08 09:51:40 -07:00
Joe Betz
e740f8340e Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables 2023-05-08 11:52:31 -04:00
Yuki Iwai
235c261196 Job: Fix a misspelling 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-05-09 00:25:45 +09:00
Ryan Phillips
ae08fe1e19 ProbeTerminationGracePeriod promote to GA 2023-05-05 14:27:54 -05:00
Jordan Liggitt
e807a6aec5
Disable NewVolumeManagerReconstruction feature gate 2023-05-04 16:41:20 -04:00
Kubernetes Prow Robot
7add692580
Merge pull request #117633 from kannon92/remove-job-tracking-finalizers 
remove tracking annotation from validation and webhooks
 2023-05-04 10:34:43 -07:00
Gunju Kim
b249b4ca9b
Promote ExpandedDNSConfig feature to the GA stage 2023-05-04 20:37:10 +09:00
Kubernetes Prow Robot
78833e1b33
Merge pull request #117713 from flant/ssr-ga 
KEP-3325: Promote SelfSubjectReview to GA
 2023-05-03 08:54:24 -07:00
m.nabokikh
40de26dcff KEP-3325: Promote SelfSubjectReview to GA 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-05-02 14:50:40 +02:00
Tim Hockin
d55b67b349
Clean up brace whitespace in **/validation_test.go 
This was making my eyes bleed as I read over code.

I used the following in vim.  I made them up on the fly, but they seemed
to pass manual inspection.

:g/},\n\s*{$/s//}, {/
:w
:g/{$\n\s*{$/s//{{/
:w
:g/^\(\s*\)},\n\1},$/s//}},/
:w
:g/^\(\s*\)},$\n\1}$/s//}}/
:w
 2023-05-02 00:48:42 -07:00
Kubernetes Prow Robot
d6471d01a4
Merge pull request #115843 from rikatz/remote-netpol-status 
Remove/Withdraw  NetworkPolicy Status
 2023-05-01 18:30:10 -07:00
Kubernetes Prow Robot
46852cab7f
Merge pull request #117570 from marosset/remove-hostprocess-containers-featuregate 
Removing WindowsHostProcessContainers feature-gate
 2023-05-01 14:24:11 -07:00
Mark Rossetti
ab9c8eb1e8
Removing WindowsHostProcessContainers feature-gate 
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2023-05-01 13:30:38 -07:00
Ricardo Katz
ec997d5433 Generated files for NetworkPolicyStatus removal 2023-05-01 15:19:25 -03:00
Ricardo Katz
bff8a6cd9f Remove withdrawn feature NetworkPolicyStatus 2023-05-01 15:19:25 -03:00
Stephen Kitt
4911e9de4a
api: replace intstr.FromInt with intstr.FromInt32 
This touches cases where FromInt() is used on numeric constants, or
values which are already int32s, or int variables which are defined
close by and can be changed to int32s with little impact.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
 2023-05-01 09:16:15 +02:00
Kubernetes Prow Robot
d8bdddcab4
Merge pull request #117531 from mfordjody/master 
remove validation GCE-ism
 2023-04-28 18:28:16 -07:00
kannon92
6a4cf352b8 remove tracking annotation from validation and webhooks 2023-04-26 17:16:05 +00:00
Kubernetes Prow Robot
3125009dd1
Merge pull request #115487 from tongpu/docs/roleRef_immutable 
Add a comment to document that roleRef is immutable
 2023-04-25 03:36:27 -07:00
Kubernetes Prow Robot
56e17d6d67
Merge pull request #115168 from HirazawaUi/delte-pkg-apis-other-unused-functions 
remove unused not api functions in the pkg/apis directory
 2023-04-24 14:23:01 -07:00
Lukas Grossar
d76f5dae67
Add a comment to roleRef to document that it is immutable 2023-04-24 22:35:20 +02:00
mfordjody
c3384191ea remove validation GCE-ism 
update testing

update testing

update testing

update core and testing

update testing
 2023-04-24 14:27:37 +08:00
Kubernetes Prow Robot
25a25e27a9
Merge pull request #110477 from halfcrazy/feat/hostnetwork-fieldsel 
support fieldSelector spec.hostNetwork
 2023-04-21 18:13:11 -07:00
charles-chenzz
4de0d2c6f8 use generic set in storage/validation 2023-04-17 18:37:50 +08:00
Yan Zhu
7fb88eec73 support fieldSelector spec.hostNetwork 
Signed-off-by: Yan Zhu <hackzhuyan@gmail.com>
 2023-04-17 13:19:35 +08:00
Kubernetes Prow Robot
403a8fdf1e
Merge pull request #117043 from mouuii/mouuii-dev-0401-clean 
remove unnecessary check
 2023-04-14 14:24:41 -07:00
mouuii
becf73a82b add invaild scope test case 
Signed-off-by: mouuii <49775493+mouuii@users.noreply.github.com>
 2023-04-14 11:55:08 +08:00
Kubernetes Prow Robot
4c6d6aa482
Merge pull request #116602 from mattcary/fuzz 
Simplify statefulset fuzzer
 2023-04-13 17:24:38 -07:00
Tim Hockin
bc302fa414
Replace uses of ObjectReflectDiff with cmp.Diff 
ObjectReflectDiff is already a shim over cmp.Diff, so no actual output
or behavior changes
 2023-04-12 08:48:03 -07:00
Tim Hockin
29c0b73d64
Replace uses of diff.ObjectDiff with cmp.Diff 
ObjectDiff is already a shim over cmp.Diff, so no actual output or
behavior changes
 2023-04-12 08:46:12 -07:00
Tim Hockin
dd7af241c1
Replace diff.ObjectDiff with cmp.Equal 
More obvious and cheaper, and ObjectDiff is already written in terms of
cmp.
 2023-04-12 08:45:32 -07:00
Kubernetes Prow Robot
cafc23f624
Merge pull request #117182 from dddddai/http-headers 
Use case-insensitive header keys for http probes
 2023-04-12 03:42:31 -07:00
dddddai
10a8ec5b2c use case-insensitive header keys for http probes 2023-04-12 15:39:55 +08:00
yang-wang11
277c03fc79
remove these unrelated openapi files (#117051) 2023-04-11 20:20:49 -07:00
Kubernetes Prow Robot
c4ebf5f1e3
Merge pull request #116722 from luoqr96/myfeature 
Chore: test simplification for stateful set
 2023-04-11 18:19:37 -07:00
Kubernetes Prow Robot
d0fc9d16ce
Merge pull request #114800 from haoruan/feature-8976-spew-sprintf-refactor 
Capture spew.Sprintf() with all our favorite config into a util func
 2023-04-11 15:34:57 -07:00
Hao Ruan
f638e2849f replaced spew.Sprintf with a util pretty print function 2023-03-27 09:24:22 +08:00
Kubernetes Prow Robot
0c62b122c0
Merge pull request #116857 from vinaykul/restart-free-pod-vertical-scaling-fixes 
Call function that validates resize policy for in-place pod resize feature
 2023-03-24 10:42:21 -07:00
Lior Lieberman
6843c52060 remove kubernetes.io/grpc standard protocol 2023-03-22 18:33:49 +00:00
vinay kulkarni
0e9dd5c51d Call function that validates in-place vpa resize policy 2023-03-22 16:19:19 +00:00
Kubernetes Prow Robot
3cf9f66e90
Merge pull request #116743 from thockin/docs-clarify-publish-not-ready-endpoints 
Clarify EPSlice docs wrt the Ready conditions
 2023-03-21 23:14:35 -07:00
Qirui
ddc13e983b Chore: add selector labels tweak function 2023-03-22 11:02:25 +08:00
Qirui
4cab11f26f Chore: add persistent volume claim retention policy tweak function 2023-03-22 11:02:01 +08:00
Qirui
ba9dfe686f Chore: add persistent volume claim template tweak function 2023-03-22 11:01:37 +08:00
Qirui
f97d3cf748 Chore: add rolling update max unavailable type tweak function 2023-03-22 11:01:25 +08:00
Qirui
1b17b4fa79 Chore: add rolling update partition type tweak function 2023-03-22 11:01:04 +08:00
Qirui
f3ffeae426 Chore: add update strategy type tweak function 2023-03-22 11:00:46 +08:00
Qirui
5e0161b3de Chore: add labels tweak function 2023-03-22 11:00:25 +08:00
Qirui
ec34891782 Chore: add annotation tweak function 2023-03-22 10:51:54 +08:00
Qirui
b907d5af49 Chore: add finalizers tweak function 2023-03-22 10:51:41 +08:00
Qirui
18ba7c0e43 Chore: add ordinal start tweak function 2023-03-22 10:51:18 +08:00
Qirui
3eb34d8b6c Chore: add min ready seconds tweak function 2023-03-22 10:51:03 +08:00
Qirui
2161d095fa Chore: add template restart policy tweak function 2023-03-22 10:50:42 +08:00
Qirui
4418a9f590 Chore: add replicas tweak function 2023-03-22 10:49:51 +08:00
Qirui
7fc08e0ce7 Chore: add pod management policy tweak function 2023-03-22 10:48:29 +08:00
Qirui
77c7d6efcf Chore: add basic make function for stateful set 
Add name and namespace tweak functions
 2023-03-22 10:47:43 +08:00
Jiahui Feng
33c3fe3f74 differentiate kinds of expressions. 2023-03-20 12:13:21 -07:00
Tim Hockin
78530ec0a8
Clarify EPSlice docs wrt the Ready conditions 
`publishNotReadyAddresses` is an explicit override, so this makes it
clear that is OK.
 2023-03-19 09:28:58 -07:00
vinay kulkarni
0ee5d43d74 Add unit tests covering ephemeral storage resource combinations 2023-03-17 05:43:30 +00:00
vinay kulkarni
07c567a848 Add missing unit test for resource resize policy defaulting 2023-03-17 05:43:30 +00:00
Taahir Ahmed
2e4b637bf8 ClusterTrustBundles: make update 2023-03-15 20:10:59 -07:00
Taahir Ahmed
6a75e7c40c ClusterTrustBundles: Define types 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
 2023-03-15 20:10:18 -07:00
Max Smythe
e5fd204c33
Custom match criteria (#116350) 
* Add custom match conditions for CEL admission

This PR is based off of, and dependent on the following PR:

https://github.com/kubernetes/kubernetes/pull/116261

Signed-off-by: Max Smythe <smythe@google.com>

* run `make update`

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Fix unit tests

Signed-off-by: Max Smythe <smythe@google.com>

* Update compatibility test data

Signed-off-by: Max Smythe <smythe@google.com>

* Revert "Update compatibility test data"

This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28.

* Allow params during validation; make match conditions optional

Signed-off-by: Max Smythe <smythe@google.com>

* Add conditional ignoring of matcher CEL expression validation on update

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Add more validation tests

Signed-off-by: Max Smythe <smythe@google.com>

* Short-circuit CEL matcher when no matchers specified

Signed-off-by: Max Smythe <smythe@google.com>

* Run codegen

Signed-off-by: Max Smythe <smythe@google.com>

* Address review comments

Signed-off-by: Max Smythe <smythe@google.com>

---------

Signed-off-by: Max Smythe <smythe@google.com>
 2023-03-15 17:23:15 -07:00
Rob Scott
9e571c0424
Adding validation for topology annotations 
Change-Id: I50b3b05b859c69e98daca7c8fca0d3a76024eb80
 2023-03-15 18:37:02 +00:00
Kubernetes Prow Robot
8decaf3ae7
Merge pull request #115447 from kidddddddddddddddddddddd/ingress 
[ingress] Create with ingressClass annotation and IngressClassName both set
 2023-03-15 02:02:16 -07:00
Igor Velichkovich
5e5b3029f3
Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen
 2023-03-14 20:28:26 -07:00
Kubernetes Prow Robot
ae36991498
Merge pull request #116332 from klueska/extend-resourceclaimstatus 
Update resource.AllocationResult with a slice of ResourceHandlers
 2023-03-14 19:26:50 -07:00
Kubernetes Prow Robot
9053b5dc2c
Merge pull request #116119 from vinaykul/restart-free-pod-vertical-scaling-fixes 
Restructure resize policy naming and set default resize policy values
 2023-03-14 19:26:42 -07:00
Lior Lieberman
812d55d230
Updated: Redefine AppProtocol field description and add new standard values (#115433) 
* redefine app protocol and add standard values

* change k8s.io/http2 to k8s.io/h2c

* address feedback

* Update staging/src/k8s.io/api/discovery/v1/types.go

Co-authored-by: Rob Scott <rob.scott87@gmail.com>

* remove kubernetes.io/tcp and change wording

---------

Co-authored-by: Rob Scott <rob.scott87@gmail.com>
 2023-03-14 19:26:33 -07:00
Kubernetes Prow Robot
f44d561c1f
Merge pull request #115075 from aojea/ipaddress 
IPAddress allocator
 2023-03-14 19:26:13 -07:00
Kubernetes Prow Robot
f3aebc85b9
Merge pull request #114930 from kannon92/add-new-labels 
Add batch.kubernetes.io to labels created in the Job controller.
 2023-03-14 17:44:13 -07:00
Kubernetes Prow Robot
9c1d73bfd6
Merge pull request #116581 from humblec/csiNodeExpand 
Update NodeExpandSecretRef comment for beta
 2023-03-14 16:34:56 -07:00
Kubernetes Prow Robot
f315a4669a
Merge pull request #116576 from pohly/dra-core-validation 
api: extend validation of dynamic resource allocation fields in PodSpec
 2023-03-14 16:34:48 -07:00
Kubernetes Prow Robot
f7bcff44cd
Merge pull request #116425 from jsafrane/flip-selinux 
Flip SELinuxMountReadWriteOncePod to Beta
 2023-03-14 16:34:41 -07:00
Antonio Ojea
ba42ed9a49 make update 
Change-Id: I19e12ca05d977dca63043cb07ecf8a90e0e525c5
 2023-03-14 22:58:12 +00:00
Antonio Ojea
c36562dfd7 IPAddress validation 
Validate IPAddress name is in canonical format
Validate ParentRef is required, and Resource and Name.
Validate IPAddress is inmutable on update.
 2023-03-14 22:56:44 +00:00
Antonio Ojea
036f57f3cb Add IPAddress API 
Change-Id: I9cf710f011b58409ab880d3b2e7f841f228ee5ee
 2023-03-14 22:56:44 +00:00
Kevin Klues
452f345c47 Update generated code for resource.k8s.io/v1alpha2 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:41:44 +00:00
Kevin Klues
da0b75f8f9 Update validation for recent changes to resource.k8s.io/v1alpha2 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:34:18 +00:00
Kevin Klues
53dda4ffe2 Update AllocationResult and ResourceHandle for resource.k8s.io/v1alpha2 
This implements the change outlined in the following KEP update:
https://github.com/kubernetes/enhancements/pull/3802

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2023-03-14 22:34:18 +00:00
Kubernetes Prow Robot
fbfc887a09
Merge pull request #116556 from pohly/dra-podschedulingcontext 
dra: PodScheduling -> PodSchedulingContext
 2023-03-14 15:14:34 -07:00
Kubernetes Prow Robot
f2e1a67c05
Merge pull request #116535 from denkensk/fix-match 
feat: forbid to set matchLabelKeys when labelSelector isn’t set in topologySpreadConstraints
 2023-03-14 14:13:04 -07:00
Kubernetes Prow Robot
c0ef73222f
Merge pull request #116522 from robscott/topology-1-27-updates 
Introducing Topology Mode Annotation, Deprecating Topology Hints Annotation
 2023-03-14 14:12:48 -07:00
Kubernetes Prow Robot
c47d2ae648
Merge pull request #116561 from mattcary/ss-v1beta1-defaulter 
StatefulSet v1beta1 defaulter tests
 2023-03-14 12:38:34 -07:00
Jan Safranek
58c4ead0ad Add featureGate to CSIDriver.SELinuxMount 2023-03-14 18:47:17 +01:00
Matthew Cary
d6d19a290d Simplify statefulset fuzzer 
Change-Id: I5d583f134d47d615fb2fe44b48bb091ea14fe540
 2023-03-14 10:31:49 -07:00
Humble Chirammal
0bdb2db18d update internal type of csiNodeExpand feature to beta 
Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
 2023-03-14 22:12:17 +05:30
Alex Wang
199c37acef feat: update matchLabelKeys comment and code auto-generate 
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
 2023-03-14 23:51:50 +08:00
Jan Safranek
a53c6f1dc8 Add validation of CSIDriver.SELinuxMount 2023-03-14 16:49:55 +01:00
Alex Wang
8a1f9f43e6 feat: validate matchLabelKeys when labelSelector isn't set 
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
 2023-03-14 22:36:41 +08:00
Jan Safranek
a84dc2d5c5 Flip SELinuxMountReadWriteOncePod to Beta 
And enable all e2e tests by default. They're still behind
`[Feature:SELinux]` tag to ensure the underlying OS supports SELinux.
 2023-03-14 14:32:38 +01:00
Patrick Ohly
e97531b349 api: extend validation of dynamic resource allocation fields in PodSpec 
The generated ResourceClaim name and the names of the ResourceClaimTemplate and
ResourceClaim referenced by a pod must be valid according to the resource API,
otherwise the pod cannot start.

Checking this was removed from the original implementation out of concerns
about validating fields in core against limitations imposed by a separate,
alpha API.  But as this was pointed out again in
https://github.com/kubernetes/kubernetes/pull/116254#discussion_r1134010324
it gets added back.

The same strings that worked before still work now. In particular, the
constraints for a spec.resourceClaim.name are still the same (DNS label).
 2023-03-14 11:58:41 +01:00
Patrick Ohly
2b8a4e8097 api: generated files for PodSchedulingContext 2023-03-14 10:18:08 +01:00
Patrick Ohly
fec5233668 api: resource.k8s.io PodScheduling -> PodSchedulingContext 
The name "PodScheduling" was unusual because in contrast to most other names,
it was impossible to put an article in front of it. Now PodSchedulingContext is
used instead.
 2023-03-14 10:18:08 +01:00
Kubernetes Prow Robot
0e06be57a6
Merge pull request #116299 from pohly/dra-v1alpha2 
api: resource.k8s.io v1alpha1 -> v1alpha2
 2023-03-14 02:15:08 -07:00
Kubernetes Prow Robot
921dfed168
Merge pull request #116566 from liggitt/fix-fuzzer 
Fix StatefulSet fuzzer
 2023-03-14 00:45:09 -07:00
Patrick Ohly
29941b8d3e api: resource.k8s.io v1alpha1 -> v1alpha2 
For Kubernetes 1.27, we intend to make some breaking API changes:
- rename PodScheduling -> PodSchedulingHints (https://github.com/kubernetes/kubernetes/issues/114283)
- extend ResourceClaimStatus (https://github.com/kubernetes/enhancements/pull/3802)

We need to switch from v1alpha1 to v1alpha2 for that.
 2023-03-14 07:52:03 +01:00
Jordan Liggitt
f7ab379489
Fix StatefulSet fuzzer 2023-03-14 01:19:12 -04:00
Matthew Cary
74b8fc7534 Add statefulsets to v1beta1 default_test 
Change-Id: Id68cdb2c9bb7b4ebe21597ead1926e02e3b491af
 2023-03-13 20:35:00 -07:00
Jiahui Feng
deb467261c generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh 2023-03-13 19:44:28 -07:00
Kubernetes Prow Robot
cd56332d06
Merge pull request #116501 from mattcary/ss-beta 
Graduate StatefulSetAutoDelete to beta
 2023-03-13 19:31:20 -07:00
Kubernetes Prow Robot
6b3e2b7873
Merge pull request #116397 from jiahuif-forks/feature/validating-admission-policy/message-expression 
MessageExpression for ValidatingAdmissionPolicy
 2023-03-13 19:31:08 -07:00
Rob Scott
e23af041f5
Introducing Topology Mode Annotation, Deprecating Topology Hints 
Annotation

As part of this change, kube-proxy accepts any value for either
annotation that is not "disabled".

Change-Id: Idfc26eb4cc97ff062649dc52ed29823a64fc59a4
 2023-03-14 02:23:11 +00:00
kidddddddddddddddddddddd
488d7650f4 update description 2023-03-14 09:42:41 +08:00
Matthew Cary
1d6df8233c Graduate StatefulSetAutoDelete to beta 
Change-Id: Iee385580d313c69fbb8a893eb5c165aa0b75725d
 2023-03-13 17:09:29 -07:00
Kubernetes Prow Robot
110541b3d7
Merge pull request #116490 from tallclair/docs-urls2 
Fix broken links in API documentation
 2023-03-13 16:48:56 -07:00
Tim Allclair
ea974280dc Fix broken API docs URLs 2023-03-13 11:37:59 -07:00
vinay kulkarni
9a805db010 Set default resize policy only for specified resource types, rename RestartNotRequired -> NotRequired 2023-03-12 23:46:40 +00:00
vinay kulkarni
9411050448 Set default resource resize restart policy to RestartNotRequired 2023-03-12 23:46:39 +00:00
vinay kulkarni
c5130fb0d6 Restructure naming of resource resize restart policy - generated files 2023-03-12 23:46:39 +00:00
vinay kulkarni
8b23497ae7 Restructure naming of resource resize restart policy 2023-03-12 23:11:32 +00:00
Kubernetes Prow Robot
3c6e419cc3
Merge pull request #116450 from vinaykul/restart-free-pod-vertical-scaling-api 
Rename ContainerStatus.ResourcesAllocated to ContainerStatus.AllocatedResources
 2023-03-12 16:06:40 -07:00
kannon92
aef8cbab89 Add batch.kubernetes.io to labels created in the Job controller. 2023-03-11 12:27:38 +00:00
Kubernetes Prow Robot
0010333bdd
Merge pull request #116161 from danielvegamyhre/mutable-scheduling-directives 
Mutable pod scheduling directives
 2023-03-10 12:40:58 -08:00
Daniel Vega-Myhre
86f41dc012 mutable pod scheduling directives 2023-03-10 18:30:09 +00:00
Jiahui Feng
1fff4949bd generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh 2023-03-10 09:03:49 -08:00
vinay kulkarni
565fd4116d Rename ContainerStatus.ResourcesAllocated to ContainerStatus.AllocatedResources - generated files 2023-03-10 14:49:26 +00:00
vinay kulkarni
01b96e7704 Rename ContainerStatus.ResourcesAllocated to ContainerStatus.AllocatedResources 2023-03-10 14:49:26 +00:00
Kubernetes Prow Robot
8fbfbd9653
Merge pull request #115260 from pwschuurman/kep-3335-statefulset-start-ordinal-beta 
Move StatefulSetStartOrdinal feature gate to beta
 2023-03-09 21:34:30 -08:00
Kubernetes Prow Robot
48e4052fc0
Merge pull request #114902 from TommyStarK/pkg-apis/replace-deprecated-pointer-function 
pkg/apis: Replace deprecated pointer function
 2023-03-09 21:34:15 -08:00
Kubernetes Prow Robot
ccba890df9
Merge pull request #114420 from bzsuni/bz/optimization 
Cleanup: fix variable names in comments
 2023-03-09 21:33:37 -08:00
Antonio Ojea
fd62265d19 unexport buggy function nodeSelectorAsSelector 
Change-Id: I1e48ac0dd0b33c367fa9be4f4adb11a4531849f9
 2023-03-09 16:58:25 +00:00
Jiahui Feng
d8be7aa9ca implement message expression. 2023-03-08 17:36:11 -08:00
Jiahui Feng
f4ee476a3c [API REVIEW] Validation.MessageExpression 2023-03-08 16:18:42 -08:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Jiahui Feng
68ac7acbce [API REVIEW] ValidatingAdmissionPolicyStatus 2023-03-07 15:43:34 -08:00
Maciej Szulik
1b825c179b
Promote CronJob TZ to GA 2023-03-07 12:58:57 +01:00
Kubernetes Prow Robot
04675428bb
Merge pull request #115973 from jpbetz/enforcement-actions 
KEP-3488: Implement Enforcement Actions and Audit Annotations
 2023-03-06 21:56:37 -08:00
Kubernetes Prow Robot
b4305fcf63
Merge pull request #115391 from haoruan/bugfix/allow-pv-nodeaffinity-to-be-mutable 
allow to mutate pv nodeaffinity label key
 2023-03-06 21:56:17 -08:00
Hao Ruan
c8d10dcaeb allow to mutate pv nodeaffinity label key 2023-03-07 11:16:10 +08:00
Joe Betz
932a4d9724 Generate code 2023-03-06 21:51:33 -05:00
Joe Betz
d221ddb89a Implement validationActions and auditAnnotations 2023-03-06 21:51:27 -05:00
Peter Schuurman
910ce0ed0b Run ./hack/update-* scripts to update generated files 2023-03-06 16:38:52 -08:00
Cici Huang
244c63a2e6 Apply resource constraints to ValidatingAdmissionPolicy. 2023-03-06 20:43:59 +00:00
Kubernetes Prow Robot
64259b43b8
Merge pull request #116054 from jpbetz/secondary-authz 
KEP-3488: Implement secondary authz for ValidatingAdmissionPolicy
 2023-03-06 11:54:16 -08:00
Kubernetes Prow Robot
77fad93d8d
Merge pull request #116109 from aerfio/aerfio/update-broken-links-autoscaling 
Update obsolete links to kubernetes.io/docs/user-guide in Go structs descriptions in autoscaling packages
 2023-03-06 09:24:29 -08:00
Joe Betz
7bbda746fe Implement secondary authz 2023-03-06 12:08:14 -05:00
Kubernetes Prow Robot
d48b8167f7
Merge pull request #115463 from SergeyKanzhelev/containerStatusDocs 
update docs for ContainerStatus fields
 2023-03-03 20:17:06 -08:00
Kubernetes Prow Robot
6260796b63
Merge pull request #116233 from SergeyKanzhelev/GRPCContainerProbeGA 
GRPCContainerProbe is GA
 2023-03-03 15:21:06 -08:00
Kubernetes Prow Robot
f7605cae7a
Merge pull request #115914 from ravisantoshgudimetla/promote-pdb 
Promote pdb
 2023-03-03 10:25:12 -08:00
Sergey Kanzhelev
b9b2bc8cb0 update docs for ContainerStatus fields 2023-03-02 22:36:15 +00:00
Sergey Kanzhelev
e360de48b2 GRPCContainerProbe is GA 2023-03-02 22:07:59 +00:00
Kubernetes Prow Robot
2b50e09f78
Merge pull request #115816 from ivelichkovich/celrefactor 
refactor validatingadmissionpolicy cel validator and compiler to be reusable
 2023-03-01 20:22:54 -08:00
Igor Velichkovich
e96ef31187 refactor admission cel validator and compiler to be reusable 2023-03-01 18:46:45 -06:00
kannon92
3489ace708 generated code 2023-03-01 21:43:25 +00:00
kannon92
cb9334ebb2 update batch apis 2023-03-01 20:39:47 +00:00
kannon92
2da3e839b0 remove ValidateJobSpec and add more test cases to batch validation 2023-03-01 20:39:47 +00:00
Kubernetes Prow Robot
e519921666
Merge pull request #115940 from ahg-g/ahg-mutable-ga 
Allow mutating schedulingGates in the Pod template for suspended Jobs
 2023-02-28 08:51:17 -08:00