github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-20 10:20:51 +00:00
Code Issues Projects Releases Wiki Activity
115,151 Commits 42 Branches 7,874 Tags 1.3 GiB
master
Commit Graph

59 Commits

Author SHA1 Message Date
TommyStarK
9e885bce35 test/integration: Replace deprecated pointer function 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-05 18:38:40 +01:00
Mengjiao Liu
a3d00c15b6 Remove ExpandPersistentVolumes feature gate 2022-12-15 11:43:50 +08:00
Sergey Kanzhelev
39e49a91d7 remove DynamicKubeletConfig feature gate from the code 2022-09-23 23:14:19 +00:00
Hemant Kumar
9343cce20b remove ExpandPersistentVolume feature gate 2022-03-24 10:02:47 -04:00
ahrtr
fe95aa614c io/ioutil has already been deprecated in golang 1.16, so replace all ioutil with io and os 2022-02-03 05:32:12 +08:00
Jordan Liggitt
33ad842480 allow evictions subresource to accept policy/v1 and policy/v1beta1 2021-04-13 21:22:25 -04:00
ialidzhikov
bc432124a2 Remove CSINodeInfo feature gate 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2020-12-10 09:58:22 +02:00
Ted Yu
9f95fdd3cd Mirror pod without OwnerReference should not be created 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-06-21 08:00:17 -07:00
Kevin
bd961781d7 prevent update handler being called on disallowed CreateOnUpdate 2020-06-12 13:04:17 +00:00
Jordan Liggitt
d8abacba40 client-go: update expansions callers 2020-03-06 16:50:41 -05:00
Mike Danese
c58e69ec79 automated refactor 2020-03-05 14:59:46 -08:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Mike Danese
d55d6175f8 refactor 2020-01-29 08:50:45 -08:00
tanjunchen
264a1cf5f6 staticcheck:test/integration/auth/ 2020-01-07 15:23:19 +08:00
danielqsj
6596a14d39 add missing alias of api errors under test 2019-12-26 17:29:38 +08:00
wojtekt
ffad401b4e Promote NodeLease feature to GA 2019-11-05 09:01:12 +01:00
Michelle Au
2d467ed9d8 Update tests to use v1.CSINode 2019-10-28 13:41:13 -07:00
Kubernetes Prow Robot
09c4e10333
Merge pull request #74021 from andrewsykim/move-features-component-base 
Move feature gate package from k8s.io/apiserver to k8s.io/component-base
 2019-05-08 13:06:34 -07:00
Daniel (Shijun) Qian
5268f69405 fix duplicated imports of k8s code (#77484) 
* fix duplicated imports of api/core/v1

* fix duplicated imports of client-go/kubernetes

* fix duplicated imports of rest code

* change import name to more reasonable
 2019-05-08 10:12:47 -07:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
yue9944882
8f601d3413 prune internal client references from test/* 2019-04-09 21:43:55 +08:00
Michelle Au
08330c37ca lock csi and plugin watcher GA feature gates 2019-03-05 09:59:05 -08:00
Xing Yang
d69e0ff3f0 Enable CSI test suite and fix test failures 2019-03-04 16:42:13 -08:00
Andrew Kim
01933b02a3 replace usage of v1beta1 VolumeAttachments with v1 2019-02-27 15:42:12 -05:00
Jordan Liggitt
cdfb5d3170 Make pod eviction trigger graceful deletion to match deletion via API 2019-01-25 23:35:49 -05:00
Bobby (Babak) Salamat
c2a4d2cbdf Add a default admission controller to taint new nodes on creation. 2019-01-24 10:31:23 -08:00
Jordan Liggitt
8d7cc39031 Remove self-deletion permissions from kubelets 2018-11-14 00:42:06 -05:00
David Zhu
4621887037 Updated test files with new fields 2018-11-08 19:45:01 -08:00
saad-ali
a679486a5e Register CSI CRDs as addon 2018-11-06 10:58:09 -08:00
Monis Khan
f39158a310
Add CRDs to etcd storage path test 
This change updates the etcd storage path test to exercise custom
resource storage by creating custom resource definitions before
running the test.

Duplicated custom resource definition test logic was consolidated.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2018-11-04 16:54:35 -05:00
Cheng Xing
c65d7c9a49 NodeAuthorizer and NodeRestriction integration test for CSINodeInfo permissions 2018-10-03 14:31:16 -07:00
Cheng Xing
becc6a9c19 Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction. 2018-09-06 19:16:51 -07:00
Michael Taufen
1b7d06e025 Kubelet creates and manages node leases 
This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on [KEP-0009](https://github.com/kubernetes/community/blob/master/keps/sig-node/0009-node-heartbeat.md),
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.

- add NodeLease feature gate
- add kube-node-lease system namespace for node leases
- add Kubelet option for lease duration
- add Kubelet-internal lease controller to create and update lease
- add e2e test for NodeLease feature
- modify node authorizer and node restriction admission controller
to allow Kubelets access to corresponding leases
 2018-08-26 16:03:36 -07:00
yue9944882
f624a4efb8 externalize node admission 
fixes internal pod annotation reference

completely strip internal informers from authz initialization
 2018-08-21 23:33:03 +08:00
yue9944882
bc1fb1f7e8 node authz/ad externalization 2018-08-09 10:57:30 +08:00
Michael Taufen
b5648c3f61 dynamic Kubelet config reconciles ConfigMap updates 2018-05-21 09:03:58 -07:00
Jordan Liggitt
736f5e2349
Revert "authz: nodes should not be able to delete themselves" 
This reverts commit 35de82094a.
 2018-05-11 09:37:21 -04:00
Jordan Liggitt
8161033be4
Make node restriction admission pod lookups use an informer 2018-05-10 07:53:46 -04:00
Michael Taufen
c41cf55a2c explicit kubelet config key in Node.Spec.ConfigSource.ConfigMap 
This makes the Kubelet config key in the ConfigMap an explicit part of
the API, so we can stop using magic key names.

As part of this change, we are retiring ConfigMapRef for ConfigMap.
 2018-05-08 15:37:26 -07:00
Mike Danese
35de82094a authz: nodes should not be able to delete themselves 2018-04-20 10:22:07 -07:00
Michael Taufen
ab8dc12333 node authorizer sets up access rules for dynamic config 
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.

I also added some validation to the node strategy, which I discovered we
were missing while writing this.
 2018-03-27 08:49:45 -07:00
Mike Danese
b43cd7307d noderestriction: restrict nodes TokenRequest permission 
nodes should only be able to create TokenRequests if:
* token is bound to a pod
* binding has uid and name
* the pod exists
* the pod is running on that node
 2018-02-26 13:46:19 -08:00
Dr. Stefan Schimanski
4e0114b0dd apiserver: make SecureServingOptions and authz/n options re-usable 2018-02-13 11:16:38 +01:00
NickrenREN
7b9d2c046f Use v1beta1 VolumeAttachment 2018-01-31 18:46:11 +08:00
Jordan Liggitt
ecfd18e2a6
Add get volumeattachments support to Node authorizer 2018-01-17 00:00:18 -05:00
Jordan Liggitt
ba09fadecf
Plumb versioned informers to authz config 2018-01-16 23:30:53 -05:00
Eric Chiang
ce0a8303d6 integration: add retries to node authorizer tests 2018-01-10 15:55:18 -08:00
Hemant Kumar
1b76b0b2ff Allow node to update PVC's status 
Implement node policy feature gates
Add tests for node policy update
 2017-11-22 14:32:50 -05:00