github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 10:43:56 +00:00
Code Issues Projects Releases Wiki Activity
118,932 Commits 42 Branches 7,905 Tags 1.3 GiB
1132fd0afd
Commit Graph

118932 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
HirazawaUi
1132fd0afd add tcp_fin_timeout, tcp_keepalive_intvl and tcp_keepalive_probes to safe sysctls 2023-10-15 23:05:40 +08:00
Kubernetes Prow Robot
8e8ac86cf1
Merge pull request #120861 from RomanBednar/retro-sc-assignment-cleanup 
remove RetroactiveDefaultStorageClass feature gate
 2023-10-15 07:05:46 +02:00
Kubernetes Prow Robot
378866edba
Merge pull request #120518 from saschagrunert/metrics-container-start 
kubelet: fix metric `container_start_time_seconds` timestamp
 2023-10-15 07:05:37 +02:00
Kubernetes Prow Robot
580304cb22
Merge pull request #118006 from liyuerich/dependency-b 
dependencies: update github.com/ishidawataru/sctp
 2023-10-15 07:05:29 +02:00
Kubernetes Prow Robot
d6b8e487e2
Merge pull request #117859 from Penguin-zlh/bump-dependencies-godbus-dbus 
bump dependencies: github.com/godbus/dbus/v5 to v5.1.0
 2023-10-15 07:05:15 +02:00
Kubernetes Prow Robot
c65b0b71e7
Merge pull request #120606 from f4nd0y/replace-hardcode-with-exists-variable 
replace hardcode with exists variable
 2023-10-15 05:55:50 +02:00
Kubernetes Prow Robot
c40bc8c7d8
Merge pull request #120503 from dgrisonnet/body-size 
Rename request body size metric to conform with Prometheus best practices
 2023-10-15 05:55:39 +02:00
Kubernetes Prow Robot
e606314f2f
Merge pull request #118768 from killshotrevival/master 
Fail validation if container restart policy is 'Never' and resource resize restart policy isn't 'NotRequired'
 2023-10-15 04:13:34 +02:00
Kubernetes Prow Robot
4d8a51acac
Merge pull request #121229 from aojea/remove_cluster_cidr 
remove ClusterCIDR alpha API
 2023-10-15 02:56:33 +02:00
Kubernetes Prow Robot
cf54acce5c
Merge pull request #120274 from danwinship/kube-proxy-config-docs 
kube-proxy config/CLI doc fixups
 2023-10-15 02:56:24 +02:00
Kubernetes Prow Robot
4a94a570bd
Merge pull request #121182 from cpanato/update-rulz 
Update publishing-bot rules for active release branches that uses go120 to Go 1.20.10
 2023-10-14 23:50:46 +02:00
Kubernetes Prow Robot
675a64eaa6
Merge pull request #121129 from carlory/cleanup-e2e-framework-equal 
remove deprecated framework.ExpectEqual
 2023-10-14 23:50:37 +02:00
Kubernetes Prow Robot
ae9dc3330e
Merge pull request #120874 from ruquanzhao/fixDevicePluginProbeCI 
fix DevicePluginProbe node-e2e: pod and kubelet restarts
 2023-10-14 23:50:28 +02:00
Kubernetes Prow Robot
43e617f252
Merge pull request #120248 from pacoxu/grpc-container-probe 
remove feature gate GRPCContainerProbe
 2023-10-14 23:50:20 +02:00
Kubernetes Prow Robot
9988f6371b
Merge pull request #120192 from SataQiu/remove-featuregate-20230827 
Remove GAed feature gates CronJobTimeZone, JobMutableNodeSchedulingDirectives and LegacyServiceAccountTokenNoAutoGeneration
 2023-10-14 23:50:11 +02:00
Kubernetes Prow Robot
414a5f6692
Merge pull request #119100 from bzsuni/ga/JobTrackingWithFinalizers 
Remove GA featuregate about JobTrackingWithFinalizers in 1.28
 2023-10-14 23:50:01 +02:00
Kubernetes Prow Robot
fea759baeb
Merge pull request #119063 from saschagrunert/makefile-remote-runtime 
Remove reference to `RUNTIME` variable in `build/root/Makefile`
 2023-10-14 23:49:52 +02:00
Kubernetes Prow Robot
e0426ffd62
Merge pull request #118806 from abhigyadufare/patch-1 
Error Typofix
 2023-10-14 23:49:43 +02:00
Kubernetes Prow Robot
f136f42d66
Merge pull request #118121 from boglarkla/patch-1 
fixed typo in get-kube.sh
 2023-10-14 23:49:34 +02:00
Kubernetes Prow Robot
52cba2d8d8
Merge pull request #117411 from tenzen-y/add-multiply-method 
quantity: Add multiplication methods
 2023-10-14 23:49:26 +02:00
Kubernetes Prow Robot
95bd8b95a7
Merge pull request #100448 from saschagrunert/cri-stats-log 
Do not error log CRI stats for not cached partitions
 2023-10-14 23:49:12 +02:00
Kubernetes Prow Robot
f07df93ffb
Merge pull request #119566 from haircommander/cri-owners 
cri-api: add CRI implementation maintainers as approvers
 2023-10-14 22:42:15 +02:00
Kubernetes Prow Robot
4911aad463
Merge pull request #115702 from xyz-li/master 
Fix:  kubelet will not output logs after log file is rotated
 2023-10-14 22:42:04 +02:00
Antonio Ojea
c2d473f0d4 remove ClusterCIDR 
KEP-2593 proposed to expand the existing node-ipam controller
to be configurable via a ClusterCIDR objects, however, there
were reasonable doubts on the SIG about the feature and after
several months of dicussions we decided to not move forward
with the KEP intree, hence, we are going to remove the existing
code, that is still in alpha.

https://groups.google.com/g/kubernetes-sig-network/c/nts1xEZ--gQ/m/2aTOUNFFAAAJ

Change-Id: Ieaf2007b0b23c296cde333247bfb672441fe6dfc
 2023-10-14 19:06:22 +00:00
Kubernetes Prow Robot
d18a97cf3d
Merge pull request #121224 from liggitt/gate 
Register UnauthenticatedHTTP2DOSMitigation into kube components
 2023-10-14 03:01:12 +02:00
Kubernetes Prow Robot
b87cae907d
Merge pull request #121001 from jiahuif-forks/feature/validating-admission-policy/typed-composition-variables 
ValidatingAdmissionPolicy: typed variables support.
 2023-10-14 01:55:43 +02:00
Kubernetes Prow Robot
088f8c0ec5
Merge pull request #121096 from alexzielenski/common-schema 
add rest of accessors to common.Schema
 2023-10-14 00:00:54 +02:00
Jordan Liggitt
c72923b17a
Register UnauthenticatedHTTP2DOSMitigation into kube components 2023-10-13 17:50:31 -04:00
Yuki Iwai
ddcbae734a Add a 0 × 0 case 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 05:54:15 +09:00
Yuki Iwai
fb2e28b070 Verify more carefully the results in the TestInt64AmountMul 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 05:53:45 +09:00
Yuki Iwai
4de3e73b8a Add test cases for mostPositive and mostNegative 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 04:42:28 +09:00
Yuki Iwai
685ae02433 Add more unit tests 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 04:42:28 +09:00
Yuki Iwai
79325b6178 Multiply by a scalar 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 04:42:28 +09:00
Yuki Iwai
4381eb7237 quantity: Add multiplication methods 
Add multiplication functionality to Quantity.

Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2023-10-14 04:42:28 +09:00
Kubernetes Prow Robot
0851995a61
Merge pull request #121158 from siyuanfoundation/test-list 
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests.
 2023-10-13 15:46:52 +02:00
Kubernetes Prow Robot
89f124cd70
Merge pull request #121216 from cpanato/update-distroless 
Bump distroless-iptables to v0.4.1
 2023-10-13 14:37:39 +02:00
Kubernetes Prow Robot
86ba008787
Merge pull request #120990 from tkashem/fix-race-apf-test 
APF: fix data race in unit tests
 2023-10-13 14:37:30 +02:00
Kubernetes Prow Robot
c2db4d03dc
Merge pull request #121136 from carlory/fix-kubeadm-2941 
kubeadm: using struct option rather than a long list of parameters
 2023-10-13 12:31:21 +02:00
carlory
db8e106e3f Code Refactor: using struct option rather than a long list of parameters 
Co-authored-by: Shida Qiu <shidaqiu2018@gmail.com>
 2023-10-13 17:17:03 +08:00
cpanato
b0c7956a86
Bump distroless-iptables to v0.4.1 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2023-10-13 11:00:04 +02:00
Kubernetes Prow Robot
b40f1c00e2
Merge pull request #121203 from enj/enj/i/h2_dos_flake 
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
 2023-10-13 05:03:05 +02:00
Kubernetes Prow Robot
a7f8c2f787
Merge pull request #118846 from cyclinder/net.ipv4.tcp_keepalive_time 
Mark net.ipv4.tcp_keepalive_time as a safe sysctl
 2023-10-13 05:02:51 +02:00
Kubernetes Prow Robot
0d63366bdf
Merge pull request #121195 from borg-land/rundir-ignore 
Add rundir folder to gitignore
 2023-10-13 03:52:34 +02:00
Kubernetes Prow Robot
4c8fca2f06
Merge pull request #112894 from pohly/e2e-framework-test-labels 
e2e framework: test labels
 2023-10-13 02:40:43 +02:00
Monis Khan
cd5db9b7f2
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests 
These occasionally flake on CI:

https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312

=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
    authentication_test.go:653: expect TCP connection: 1, actual: 2
        --- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)

=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
    --- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)

=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)

Signed-off-by: Monis Khan <mok@microsoft.com>
 2023-10-12 19:13:07 -04:00
Kubernetes Prow Robot
cb713c15e9
Merge pull request #121120 from enj/enj/i/h2_dos 
Prevent rapid reset http2 DOS on API server
 2023-10-13 00:05:46 +02:00
upodroid
80e378181e add rundir folder to gitignore 2023-10-12 21:54:59 +01:00
Monis Khan
800a8eaba7
Prevent rapid reset http2 DOS on API server 
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.

The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.

For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections.  They can use http2, but with the performance of http1
(with keep-alive disabled).

Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default).  For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection).  An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.

For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
That change is not sufficient to adequately protect against a
motivated client - future changes to Kube and/or golang.org/x/net
will be explored to address this gap.

The Kube API server now uses a max stream of 100 instead of 250
(this matches the Go http2 client default).  This lowers the abuse
limit from 1000 to 400.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2023-10-12 16:54:07 -04:00
Kubernetes Prow Robot
2b4ef19578
Merge pull request #121191 from dims/update-busybox-sha-based-image-to-match-tag-1.36-1-1 
Update busybox SHA based image to match tag - 1.36.1-1
 2023-10-12 22:49:43 +02:00
Kubernetes Prow Robot
1cc9479720
Merge pull request #121189 from nilekhc/validation-doc 
[KMSv2] chore: updates api doc
 2023-10-12 22:49:35 +02:00