github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity
101,997 Commits 42 Branches 7,905 Tags 1.3 GiB
1345a802de
Commit Graph

101997 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
1345a802de
Merge pull request #103187 from Haleygo/fix-dry-run-when-using-externalCA 
Kubeadm init --dry-run should work when using an external ca
 2021-07-02 07:58:25 -07:00
Kubernetes Prow Robot
ce3bf862ee
Merge pull request #102964 from neolit123/1.22-decouple-bootstraptoken-api 
kubeadm: decouple the bootstraptoken API from the kubeadm API
 2021-07-02 07:58:13 -07:00
Kubernetes Prow Robot
93119f4503
Merge pull request #103432 from p0lyn0mial/lifecycle_events 
simply renames terminationSignals to lifecycleSignals
 2021-07-02 05:44:13 -07:00
Haleygo
6d6d200c3a dry-run can work when using an external ca 2021-07-02 18:53:51 +08:00
Lukasz Szaszkiewicz
6c88a62cb4 remove logging from the Signal method 2021-07-02 12:50:20 +02:00
Lukasz Szaszkiewicz
dae08bc3a7 rename terminationSignals to lifecycleSignals 2021-07-02 12:40:58 +02:00
Kubernetes Prow Robot
defcc916ed
Merge pull request #103382 from liggitt/podsecurity-hostprocess 
[PodSecurity] hostProcess baseline check
 2021-07-02 01:16:24 -07:00
Kubernetes Prow Robot
3e0432c3e1
Merge pull request #102168 from adisky/credential-provider-1 
Improve concurrency and cache for kubelet credential provider
 2021-07-02 01:16:12 -07:00
Kubernetes Prow Robot
659c7e709f
Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Monis Khan
8d49502fcd
csr: update e2e conformance test with expirationSeconds usage 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00
Monis Khan
29b3fa7826
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:16 -04:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
2627808e93
Merge pull request #103378 from n4j/feature/podSecurityApparmor_v2 
[PodSecurity] baseline - apparmor
 2021-07-01 19:20:24 -07:00
Kubernetes Prow Robot
df95052de3
Merge pull request #103218 from dashpole/otel_clientgo 
Add tracing to apiserver client-go requests
 2021-07-01 19:20:12 -07:00
Kubernetes Prow Robot
62503f254e
Merge pull request #103413 from mgutierrez98/refactor-whitelist-blacklist 
Refactored files containing whitelist/blacklist to allowlist/denylist…
 2021-07-01 18:12:25 -07:00
Kubernetes Prow Robot
8fb67473ce
Merge pull request #103323 from sejr/podsecurity-restricted-volumes 
[Pod Security] Restricted volume type check
 2021-07-01 18:12:11 -07:00
Kubernetes Prow Robot
2d4753b898
Merge pull request #103360 from m14815/commit-21.6.3 
Error should be checked first, then go to other steps.
 2021-07-01 15:36:03 -07:00
Kubernetes Prow Robot
25bbe2ebc5
Merge pull request #99594 from cofyc/kep1845-api 
Prioritizing nodes based on volume capacity: API changes
 2021-07-01 15:35:51 -07:00
Samuel Roth
13a1804a5f podsecurity: add restricted volume type check 
podsecurity: restricted volumes check
 2021-07-01 17:51:56 -04:00
Kubernetes Prow Robot
43ebff8fa4
Merge pull request #103306 from swetharepakula/convert-proxy 
Kubeproxy uses V1 EndpointSlice
 2021-07-01 14:28:11 -07:00
Kubernetes Prow Robot
9ca75c1f49
Merge pull request #103243 from ii/promote-statefulset-status-test 
Promote to Conformance StatefulSet Patch, Read and Replace Status test +3
 2021-07-01 14:28:02 -07:00
Kubernetes Prow Robot
062bc359ca
Merge pull request #102444 from sanwishe/resourceStartTime 
Expose container start time in kubelet /metrics/resource endpoint
 2021-07-01 14:27:51 -07:00
Lubomir I. Ivanov
622f69bf8d kubeadm: update v1beta3's godoc changelog 2021-07-02 00:12:25 +03:00
Lubomir I. Ivanov
11d444b00e kubeadm: remove versioned copies of the bootstrap token API and utils 
Given bootstraptoken/v1 is now a separate GV, there is no need
to duplicate the API and utilities inside v1beta3 and the internal
version.

v1beta2 must continue to use its internal copy due, since output/v1alpha1
embeds the v1beta2.BootstrapToken object. See issue 2427 in k/kubeadm.
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
14fa296bb3 kubeadm: use the bootstraptoken/v1 API across the code base 
- Make v1beta3 use bootstraptoken/v1 instead of local copies
- Make the internal API use bootstraptoken/v1
- Update validation, /cmd, /util and other packages
- Update v1beta2 conversion
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
5b7bda90c0 kubeadm: introduce apis/bootstraptoken/v1 
Package bootstraptoken contains an API and utilities wrapping the
"bootstrap.kubernetes.io/token" Secret type to ease its usage in kubeadm.

The API is released as v1, since these utilities have been part of a
GA workflow for 10+ releases.

The "bootstrap.kubernetes.io/token" Secret type is also GA.
 2021-07-02 00:11:49 +03:00
mgutierrez98
1cfbb0aa25 remove webhook.go to revert changes to conformance test 2021-07-01 20:24:46 +00:00
Kubernetes Prow Robot
3334703eb2
Merge pull request #103242 from ii/promote-deployment-status-test 
Promote to Conformance Patch, Read and Replace DeploymentStatus test +1
 2021-07-01 13:18:04 -07:00
Kubernetes Prow Robot
cd94e840cb
Merge pull request #103241 from ii/promote-statefulset-list-deletecollection 
Promote to Conformance StatefulSet List, Patch & DeleteCollection Test +3
 2021-07-01 13:17:52 -07:00
Jordan Liggitt
ac4bb885be hostProcess test fixture data 2021-07-01 15:49:33 -04:00
Jordan Liggitt
49d31c45b1 PodSecurity: baseline hostProcess check 2021-07-01 15:49:33 -04:00
Kubernetes Prow Robot
e524a5ab42
Merge pull request #103282 from MrHohn/cpa-multi-arch 
Update dns-horizontal-autoscaler to use the multi-arch image
 2021-07-01 11:47:42 -07:00
Neeraj Shah
8049448113 [PodSecurity] baseline - apparmor 
Implement the "AppArmor" check from https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline

- AppArmor check
- Fixtures
- UnitTest case
 2021-07-01 23:36:55 +05:30
David Ashpole
b0ffaa93f5 move tracing instantiation further up, and check for nil 2021-07-01 10:42:11 -07:00
Kubernetes Prow Robot
e5135985fa
Merge pull request #103340 from MadhavJivrajani/proc-mount-baseline 
Add baseline check for procMount type
 2021-07-01 09:50:07 -07:00
Kubernetes Prow Robot
b0af328e6e
Merge pull request #103326 from pacoxu/safe-sysctls 
Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl
 2021-07-01 09:49:55 -07:00
Kubernetes Prow Robot
7e00f5d401
Merge pull request #103118 from wangyysde/remove-errors-from-check_conformance_test_requirements.go 
use native error instead of github.com/pkg/errors
 2021-07-01 07:39:55 -07:00
Madhav Jivrajani
f0ffba75ad Add baseline check for procMount type 
- Will not allow if a container (init or not) sets the proc mount type to anything other than `Default`
- Include fixture for proc mount baseline generation and the consequent genreated test data

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-07-01 20:02:36 +05:30
Kubernetes Prow Robot
1861e4756d
Merge pull request #103396 from praveenghuge/master-to-main-cleanup 
k8s.io master to main cleanup
 2021-07-01 04:45:54 -07:00
Kubernetes Prow Robot
3f4c39bbd7
Merge pull request #103063 from neolit123/1.22-add-patches-to-v1beta3 
kubeadm: add support for patches in v1beta3; deprecate --experimental-patches
 2021-07-01 02:25:54 -07:00
Kubernetes Prow Robot
a0c83ba938
Merge pull request #103385 from ravisantoshgudimetla/fix-ubernetes-tests-2 
[storage] [test] Ensure proper resource creation
 2021-07-01 00:06:06 -07:00
Kubernetes Prow Robot
dbfea1e2aa
Merge pull request #103365 from liggitt/podsecurity-feature-test 
PodSecurity: make failure integration tests feature-aware
 2021-07-01 00:05:54 -07:00
Kubernetes Prow Robot
c14017b270
Merge pull request #103176 from CaoDonghui123/updatemod 
Update golang.org/x/net
 2021-06-30 22:17:54 -07:00
Praveen Ghuge
db3534dd64 master too main cleanup 2021-06-30 21:56:29 -07:00
Kubernetes Prow Robot
5c23b61247
Merge pull request #103327 from SataQiu/fix-write-config-to 
kube-scheduler: ensure the default config output of --write-to-config is usable
 2021-06-30 21:00:06 -07:00
Kubernetes Prow Robot
ea0098b811
Merge pull request #103219 from mgutierrez98/refactor-wait_go 
Renamed variable within wait_test containing master to control plane
 2021-06-30 20:59:54 -07:00
wangyysde
e2e1c94f06 use native error instead of github.com/pkg/errors 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2021-07-01 10:54:09 +08:00
Kubernetes Prow Robot
4748bb04b6
Merge pull request #102508 from kolyshkin/runc-1.0 
Update runc to 1.0.0
 2021-06-30 19:35:55 -07:00
pacoxu
2cab85a403 Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-07-01 10:31:21 +08:00
Jordan Liggitt
ba6b4c5a18 PodSecurity: test GA-only cases and alpha/beta fields separately 2021-06-30 22:08:11 -04:00