github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
92,976 Commits 1 Branch 31 Tags
ff33efc164e78d12c2a250f901b6ec725184fd06
Commit Graph

39571 Commits

Author SHA1 Message Date
Christian Huffman
9a7b073f4d Updated fuzzer to get RoundTripTest passing 2020-07-11 23:29:24 -04:00
Christian Huffman
e65f0f565a Updated dependencies 2020-07-11 23:29:24 -04:00
Christian Huffman
58bd3e5230 Include CSIDriver SupportsFsGroup 2020-07-11 23:29:24 -04:00
Kubernetes Prow Robot
70f68dbf74 Merge pull request #92856 from saschagrunert/psp-seccomp-ga 
Implement PodSecurityPolicy enforcement for seccomp GA
 2020-07-11 15:35:22 -07:00
Joe Betz
b12ac0abc6 Enable nested tracing, add request filter chain tracing incl. authn/authz tracing 2020-07-11 06:42:00 -07:00
Hemant Kumar
b8c0435bc2 Handle volume-in-use error 2020-07-11 09:02:58 -04:00
Kubernetes Prow Robot
93e76f5081 Merge pull request #92442 from tedyu/grace-period-with-map 
Respect grace period when removing mirror pod
 2020-07-10 17:49:23 -07:00
Kubernetes Prow Robot
5a5cb56e11 Merge pull request #92816 from divyenpatel/change-migration-flag-to-beta 
Set CSIMigrationvSphere feature gates to beta
 2020-07-10 15:43:21 -07:00
Kubernetes Prow Robot
36b4c2942b Merge pull request #92815 from Huang-Wei/bypass-prefilter-svcaffinity 
Bypass PreFilter in ServiceAfffinity if AffinityLabels arg is not present
 2020-07-10 15:43:11 -07:00
Kubernetes Prow Robot
fbc9cf0894 Merge pull request #92797 from ahg-g/ahg-prefilter 
Return a FitError when PreFilter fails with unschedulable status
 2020-07-10 15:42:31 -07:00
Kubernetes Prow Robot
26da0ea91e Merge pull request #92794 from klueska/upstream-more-tests-get-preferred-allocation 
Add more tests for device plugin's GetPreferredAllocation() API
 2020-07-10 15:42:21 -07:00
Kubernetes Prow Robot
0cb7e320a5 Merge pull request #92784 from pohly/generic-ephemeral-inline-volumes 
generic ephemeral inline volumes
 2020-07-10 15:41:46 -07:00
Kubernetes Prow Robot
a6378d8b12 Merge pull request #92779 from fisherxu/patch-2 
Return err when create ContainerLogsDir failed
 2020-07-10 15:41:37 -07:00
Kubernetes Prow Robot
4efed03276 Merge pull request #91637 from robscott/endpointslice-mirroring 
Adding new EndpointSlice Mirroring Controller
 2020-07-10 10:19:48 -07:00
Sascha Grunert
96fb83c4c1 Implement PodSecurityPolicy enforcement for seccomp GA 
This implements the necessary pieced for the PodSecurityPolicy
enforcement like described in the appropriate KEP section:

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190717-seccomp-ga.md#podsecuritypolicy-enforcement

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-10 15:55:21 +02:00
Kubernetes Prow Robot
26f0227019 Merge pull request #91408 from saschagrunert/seccomp-api-migration 
Add seccomp GA version skew for pods
 2020-07-10 04:29:48 -07:00
Kubernetes Prow Robot
dd649bb7ef Merge pull request #91342 from mgugino-upstream-stage/evict-deleted-ok 
Eviction: ignore PDBs if pods with DeletionTimestamp
 2020-07-09 15:30:33 -07:00
Patrick Ohly
ff3e5e06a7 GenericEphemeralVolume: initial implementation 
The implementation consists of
- identifying all places where VolumeSource.PersistentVolumeClaim has
  a special meaning and then ensuring that the same code path is taken
  for an ephemeral volume, with the ownership check
- adding a controller that produces the PVCs for each embedded
  VolumeSource.EphemeralVolume
- relaxing the PVC protection controller such that it removes
  the finalizer already before the pod is deleted (only
  if the GenericEphemeralVolume feature is enabled): this is
  needed to break a cycle where foreground deletion of the pod
  blocks on removing the PVC, which waits for deletion of the pod

The controller was derived from the endpointslices controller.
 2020-07-09 23:29:24 +02:00
David Ashpole
1f70708f6c update cAdvisor to v0.37.0 2020-07-09 10:23:10 -07:00
Kubernetes Prow Robot
3a5e7ea986 Merge pull request #92752 from chendave/skip_preemption 
Cut off the cost to run filter plugins when no victim pods are found
 2020-07-09 09:10:10 -07:00
Kubernetes Prow Robot
10aeb93e07 Merge pull request #92736 from robscott/endpointslice-proxying-beta 
Graduating EndpointSliceProxying to beta for Linux
 2020-07-09 09:09:48 -07:00
Kubernetes Prow Robot
d9b084a9d1 Merge pull request #89629 from fatedier/subpath 
Modified subpath configmap mount fails when container restarts
 2020-07-09 09:06:32 -07:00
David Eads
1233a6f63e generated 2020-07-09 08:14:55 -04:00
David Eads
e88fecf26b allow setting different certificates for kube-controller-managed CSR signers 2020-07-09 08:14:55 -04:00
Kubernetes Prow Robot
70e09f2c24 Merge pull request #88842 from angao/fit-arg 
add args for NodeResourcesFit plugin
 2020-07-09 05:04:10 -07:00
Patrick Ohly
32fdf688b3 GenericEphemeralVolume: 'make update' for API 2020-07-09 11:03:03 +02:00
Patrick Ohly
c05c8e915b GenericEphemeralVolume: feature gate, API, documentation 
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
 2020-07-09 11:02:59 +02:00
Giuseppe Scrivano
0d2a493a8f kubelet: skip setting the devices cgroup 
use the new libcontainer feature of skipping setting the devices
cgroup.  This is necessary on cgroup v2 to avoid leaking a eBPF
program every time the cgroup is re-configured.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2020-07-09 09:37:46 +02:00
Kubernetes Prow Robot
83f50ba0e8 Merge pull request #92542 from dgrisonnet/cli-fix-event-series 
Fix v1beta1.Event printing in kubectl
 2020-07-09 00:05:30 -07:00
Kubernetes Prow Robot
55d77ade67 Merge pull request #92489 from alculquicondor/sig-storage-ownership 
Add SIG storage owner aliases
 2020-07-09 00:05:20 -07:00
Kubernetes Prow Robot
94a08e159a Merge pull request #92387 from pohly/csi-storage-capacity 
CSI storage capacity check
 2020-07-09 00:04:59 -07:00
Kubernetes Prow Robot
c2e6e147be Merge pull request #92160 from YuikoTakada/add_deprecated_description_scheduling_duration_seconds 
Add Deprecated description to metrics scheduling_duration_seconds
 2020-07-09 00:04:48 -07:00
Kubernetes Prow Robot
1e3eeba9fa Merge pull request #91577 from knabben/kubelet-bootstrap 
kubelet: remove the --bootstrap-checkpoint-path feature
 2020-07-09 00:03:41 -07:00
Kubernetes Prow Robot
4ee555252c Merge pull request #83710 from edwardstudy/ed/typo 
Fix comment typos in pkg/kubelet/prober
 2020-07-09 00:02:58 -07:00
ZeroMagic
7e7cf6a314 add tags support for azure file driver 
Signed-off-by: ZeroMagic <jiliu8@microsoft.com>
 2020-07-09 03:47:24 +00:00
Paulo Gomes
b451563560 Add seccomp least privilege for kuberuntime 2020-07-08 22:03:29 +01:00
Ted Yu
a76a959294 Respect grace period when removing mirror pod 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-07-08 13:38:24 -07:00
Joel Smith
f34b586d01 Include pod /etc/hosts in ephemeral storage calculation for eviction 2020-07-08 12:58:11 -06:00
Wei Huang
d65a97848e codegen 2020-07-08 09:58:42 -07:00
Wei Huang
4b26ef2217 Remove DisablePreemption field from SchedulerConfig v1beta1 
DisablePreemption field can be removed as it can be deduced from PostFilterPlugins.
 2020-07-08 09:58:42 -07:00
Antonio Ojea
924553b7ee iptables don't do reverse DNS lookups 
the iptables monitor was using iptables -L to list the chains,
without the -n option, so it was trying to do reverse DNS lookups.
A side effect is that it was holding the lock, so other components
could not use it.
We can use -S instead of -L -n to avoid this, since we only want
to check the chain exists.
 2020-07-08 18:39:22 +02:00
Anthony ARNAUD
056d73b1a1 Add deviceManager in windows container manager 2020-07-08 18:22:16 +02:00
Divyen Patel
e01de65444 setting CSIMigrationvSphere feature gates to beta 2020-07-08 07:36:44 -07:00
Chelsey Chen
e010436e2a Update conversion between ReportingController and Source.Component 2020-07-08 08:46:38 -04:00
andyzhangx
f007c68ae9 doc: deprecate azure blob disk feature 2020-07-08 10:48:58 +00:00
Damien Grisonnet
ceb8c2fbf4 Fix v1beta1 events printing in kubectl 
printers: handle series when printing events
printers: handle singleton when printing events

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
 2020-07-08 12:09:41 +02:00
Rob Scott
8039cf9bb1 Graduating EndpointSliceProxying to beta for Linux 2020-07-07 14:18:03 -07:00
Wei Huang
9d377eb655 Add pdbLister as a member field of struct DefaultPreemption 2020-07-07 12:25:53 -07:00
Jordan Liggitt
8d03ace92b Move proxy features to kube_features 2020-07-07 12:34:18 -04:00
Quan Tian
087682584d Fix memory leak in endpointSliceTracker 
endpointSliceTracker creates a set of resource versions for each
service, the resource versions in the set could be deleted when
endpointslices are deleted, but the set and its key in the map is never
deleted, leading to memory leak.

This patch deletes the set if the service is deleted, and stops
initializing an empty set when "read-only" methods "Has" and "Stale" are
called.
 2020-07-08 00:15:30 +08:00