github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 09:52:49 +00:00
Code Issues Projects Releases Wiki Activity
115,151 Commits 42 Branches 7,874 Tags 1.3 GiB
master
Commit Graph

4046 Commits

Author SHA1 Message Date
Michal Wozniak
b5dd5f1f3a Investigate and fix the handling of Succeeded pods in DaemonSet 2023-04-04 19:21:15 +02:00
Tim Allclair
7537cec567
Fix MatchConditions webhook validation testing (#116784) 
* Fix MatchConditions webhook validation testing

* #squash verify error type

* #squash fix duplicate registration

* #squash uncomment validation test
 2023-03-21 21:38:35 -07:00
Kubernetes Prow Robot
8dd3807f4d
Merge pull request #116770 from alexzielenski/agg-discovery-err-sources 
Fix aggregated discovery race when using CRD and Aggregated APIService under same group
 2023-03-21 15:18:12 -07:00
Alexander Zielenski
933dfe3a51 use longer timeouts to avoid flakes on heavily loaded systems 2023-03-21 14:18:34 -07:00
Alexander Zielenski
0740b11073 allow multiple sources to add/remove from discovery without clobbering each other 2023-03-21 14:14:23 -07:00
Monis Khan
e9866d2794
Clear front proxy headers after authentication is complete 
This matches the logic we have for the Authorization header as well
as the impersonation headers.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2023-03-21 10:51:22 -04:00
Kubernetes Prow Robot
15894cfc85
Merge pull request #116550 from alculquicondor/fix-bind-uid 
Preserve UID and ResourceVersion in BindingREST
 2023-03-20 08:49:20 -07:00
Kubernetes Prow Robot
fe91bc257b
Merge pull request #116554 from atiratree/eviction-resource-version-fix 
API-initiated eviction: handle deleteOptions correctly
 2023-03-17 16:59:15 -07:00
Filip Křepinský
51c0e2374f API-initiated eviction: handle deleteOptions correctly 
when adding a DisruptionTarget condition into a pod that will be deleted

- handle ResourceVersion and Preconditions correctly
- handle DryRun option correctly

Co-authored-by: Jordan Liggitt jordan@liggitt.net
 2023-03-17 22:18:07 +01:00
Kubernetes Prow Robot
a34e37c996
Merge pull request #113218 from ahmedtd/kep-3257 
Add certificates.k8s.io/v1alpha1 ClusterTrustBundle
 2023-03-16 11:13:20 -07:00
Sathyanarayanan Saravanamuthu
c84c8add70
Decouple batch/job back-off logic from workqueues (#114768) 
* batch/job: decouple backoff from workqueue

Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>

* Resolving review comments

* Resolving more review comments

* Resolving review comments

Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>

* Computing finish time to now when FinishedAt is unix epoch

* Addressing review comments

Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>

---------

Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2023-03-16 10:15:21 -07:00
Taahir Ahmed
51f759aa05 ClusterTrustBundles: kube-apiserver integration tests 2023-03-15 20:19:48 -07:00
Kubernetes Prow Robot
50070e664b
Merge pull request #116626 from nilekhc/fix-kmsv2-healthz-flake 
[KMSv2] fix: increases timeout to avoid flake
 2023-03-14 20:28:34 -07:00
Igor Velichkovich
5e5b3029f3
Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 
* api changes adding match conditions

* feature gate and registry strategy to drop fields

* matchConditions logic for admission webhooks

* feedback

* update test

* import order

* bears.com

* update fail policy ignore behavior

* update docs and matcher to hold fail policy as non-pointer

* update matcher error aggregation, fix early fail failpolicy ignore, update docs

* final cleanup

* openapi gen
 2023-03-14 20:28:26 -07:00
Kubernetes Prow Robot
c072cae4d0
Merge pull request #108838 from nckturner/webhook-framework 
Webhook framework for cloud controller manager
 2023-03-14 20:28:14 -07:00
Kubernetes Prow Robot
15040e1c86
Merge pull request #115123 from aramase/v2beta1 
[KMSv2] Generate proto API and update feature gate for beta
 2023-03-14 19:26:25 -07:00
Nilekh Chaudhari
c09aa7dead
fix: increases timeout to avoid flake 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2023-03-15 00:18:58 +00:00
Nick Turner
86f4136003 Webhook framework for cloud controller manager 
Provides framework for CCMs to host webhooks.
 2023-03-14 23:28:05 +00:00
Anish Ramasekar
ad698cc0ae
[KMSv2] Generate proto API and update feature gate for beta 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2023-03-14 23:18:16 +00:00
Antonio Ojea
ca1cba8f91 integration etcd data 2023-03-14 22:58:11 +00:00
Antonio Ojea
23252d70b4 add integration test 2023-03-14 22:58:11 +00:00
Kubernetes Prow Robot
fbfc887a09
Merge pull request #116556 from pohly/dra-podschedulingcontext 
dra: PodScheduling -> PodSchedulingContext
 2023-03-14 15:14:34 -07:00
Aldo Culquicondor
d1dfa89953
Add integration test for DefaultBinder 
Change-Id: I71ea08104024403a7d9ebcf3725fc3ff17997229
 2023-03-14 13:57:11 -04:00
Kubernetes Prow Robot
4950f51903
Merge pull request #116155 from enj/enj/f/dek_reuse 
kmsv2: re-use DEK while key ID is unchanged
 2023-03-14 10:40:28 -07:00
Kubernetes Prow Robot
49649c89ea
Merge pull request #113584 from yangjunmyfm192085/volume-contextual-logging 
volume: use contextual logging
 2023-03-14 10:40:16 -07:00
Kubernetes Prow Robot
f769c66aa8
Merge pull request #113622 from 249043822/br-context-logging-daemon 
daemonset: use contextual logging
 2023-03-14 09:38:28 -07:00
Kubernetes Prow Robot
689fc37dd2
Merge pull request #112334 from dgrisonnet/fix-eventseries-count 
Fix EventSeries starting count discrepancy
 2023-03-14 07:28:16 -07:00
Monis Khan
832d6f0e19
kmsv2: re-use DEK while key ID is unchanged 
This change updates KMS v2 to not create a new DEK for every
encryption.  Instead, we re-use the DEK while the key ID is stable.

Specifically:

We no longer use a random 12 byte nonce per encryption.  Instead, we
use both a random 4 byte nonce and an 8 byte nonce set via an atomic
counter.  Since each DEK is randomly generated and never re-used,
the combination of DEK and counter are always unique.  Thus there
can never be a nonce collision.  AES GCM strongly encourages the use
of a 12 byte nonce, hence the additional 4 byte random nonce.  We
could leave those 4 bytes set to all zeros, but there is no harm in
setting them to random data (it may help in some edge cases such as
live VM migration).

If the plugin is not healthy, the last DEK will be used for
encryption for up to three minutes (there is no difference on the
behavior of reads which have always used the DEK cache).  This will
reduce the impact of a short plugin outage while making it easy to
perform storage migration after a key ID change (i.e. simply wait
ten minutes after the key ID change before starting the migration).

The DEK rotation cycle is performed in sync with the KMS v2 status
poll thus we always have the correct information to determine if a
read is stale in regards to storage migration.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2023-03-14 10:23:50 -04:00
Patrick Ohly
fec5233668 api: resource.k8s.io PodScheduling -> PodSchedulingContext 
The name "PodScheduling" was unusual because in contrast to most other names,
it was impossible to put an article in front of it. Now PodSchedulingContext is
used instead.
 2023-03-14 10:18:08 +01:00
Patrick Ohly
29941b8d3e api: resource.k8s.io v1alpha1 -> v1alpha2 
For Kubernetes 1.27, we intend to make some breaking API changes:
- rename PodScheduling -> PodSchedulingHints (https://github.com/kubernetes/kubernetes/issues/114283)
- extend ResourceClaimStatus (https://github.com/kubernetes/enhancements/pull/3802)

We need to switch from v1alpha1 to v1alpha2 for that.
 2023-03-14 07:52:03 +01:00
ZhangKe10140699
7198bcffcd daemonset: use contextual logging 2023-03-14 08:50:27 +08:00
杨军10092085
361e4ff0fa volume: use contextual logging 2023-03-14 08:37:30 +08:00
Kubernetes Prow Robot
a0b1bee7c5
Merge pull request #115840 from atosatto/remove-taint-manager-cli 
Remove enable-taint-manager and pod-eviction-timeout CLI flags
 2023-03-13 08:13:10 -07:00
Kubernetes Prow Robot
492a08c916
Merge pull request #113525 from 249043822/br-context-logging-deployment 
deployment controller: use contextual logging
 2023-03-13 08:13:02 -07:00
Damien Grisonnet
d00364902b events: fix EventSeries starting count discrepancy 
The kube-apiserver validation expects the Count of an EventSeries to be
at least 2, otherwise it rejects the Event. There was is discrepancy
between the client and the server since the client was iniatizing an
EventSeries to a count of 1.

According to the original KEP, the first event emitted should have an
EventSeries set to nil and the second isomorphic event should have an
EventSeries with a count of 2. Thus, we should matcht the behavior
define by the KEP and update the client.

Also, as an effort to make the old clients compatible with the servers,
we should allow Events with an EventSeries count of 1 to prevent any
unexpected rejections.

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
 2023-03-13 13:31:07 +01:00
Kubernetes Prow Robot
185cd95b9c
Merge pull request #113443 from yangjunmyfm192085/namespace-contextual-logging 
namespace controller: use contextual logging
 2023-03-13 04:34:44 -07:00
ZhangKe10140699
66bda6c092 deployment controller: use contextual logging 2023-03-13 19:00:44 +08:00
JunYang
f5bd8c86d4 namespace controller: use contextual logging 2023-03-13 14:59:17 +08:00
Kubernetes Prow Robot
0010333bdd
Merge pull request #116161 from danielvegamyhre/mutable-scheduling-directives 
Mutable pod scheduling directives
 2023-03-10 12:40:58 -08:00
Daniel Vega-Myhre
86f41dc012 mutable pod scheduling directives 2023-03-10 18:30:09 +00:00
Kubernetes Prow Robot
2e3c5003b9
Merge pull request #115630 from Jefftree/agg-discovery-metrics 
Add metrics for aggregated discovery
 2023-03-10 07:44:41 -08:00
Kubernetes Prow Robot
cb00077cd3
Merge pull request #113471 from ncdc/gc-contextual-logging 
garbagecollector: use contextual logging
 2023-03-10 04:34:39 -08:00
Kubernetes Prow Robot
16d2d55bc0
Merge pull request #115969 from DangerOnTheRanger/messageExpression-for-crd 
Add messageExpression field for CRD validation
 2023-03-09 22:43:19 -08:00
Kubernetes Prow Robot
e8ae6658ed
Merge pull request #115065 from apelisse/apimachinery-managed-fields 
managedfields: Move most of fieldmanager package to managefields
 2023-03-09 21:34:22 -08:00
Kermit Alexander II
4e26f680a9 Implement MessageExpression. 2023-03-09 23:37:59 +00:00
Jefftree
387d97605e Add metrics for aggregated discovery 2023-03-09 17:24:02 +00:00
Kubernetes Prow Robot
f90643435e
Merge pull request #113840 from 249043822/br-context-logging-statefulset 
statefulset: use contextual logging
 2023-03-09 06:42:02 -08:00
Kubernetes Prow Robot
30ee6914c5
Merge pull request #115149 from nilekhc/encrypt-all 
Allow encryption for all resources
 2023-03-08 16:55:59 -08:00
Maksim Nabokikh
c1431af4f8
KEP-3325: Promote SelfSubjectReview to Beta (#116274) 
* Promote SelfSubjectReview to Beta

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fix whoami API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes according to code review

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

---------

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2023-03-08 15:42:33 -08:00
Jiahui Feng
0a954cc10d always get fresh object before updating. 2023-03-08 15:17:58 -08:00