Commit Graph

119610 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
9988f6371b
Merge pull request #120192 from SataQiu/remove-featuregate-20230827
Remove GAed feature gates CronJobTimeZone, JobMutableNodeSchedulingDirectives and LegacyServiceAccountTokenNoAutoGeneration
2023-10-14 23:50:11 +02:00
Kubernetes Prow Robot
414a5f6692
Merge pull request #119100 from bzsuni/ga/JobTrackingWithFinalizers
Remove GA featuregate about JobTrackingWithFinalizers in 1.28
2023-10-14 23:50:01 +02:00
Kubernetes Prow Robot
fea759baeb
Merge pull request #119063 from saschagrunert/makefile-remote-runtime
Remove reference to `RUNTIME` variable in `build/root/Makefile`
2023-10-14 23:49:52 +02:00
Kubernetes Prow Robot
e0426ffd62
Merge pull request #118806 from abhigyadufare/patch-1
Error Typofix
2023-10-14 23:49:43 +02:00
Kubernetes Prow Robot
f136f42d66
Merge pull request #118121 from boglarkla/patch-1
fixed typo in get-kube.sh
2023-10-14 23:49:34 +02:00
Kubernetes Prow Robot
52cba2d8d8
Merge pull request #117411 from tenzen-y/add-multiply-method
quantity: Add multiplication methods
2023-10-14 23:49:26 +02:00
Kubernetes Prow Robot
95bd8b95a7
Merge pull request #100448 from saschagrunert/cri-stats-log
Do not error log CRI stats for not cached partitions
2023-10-14 23:49:12 +02:00
Kubernetes Prow Robot
f07df93ffb
Merge pull request #119566 from haircommander/cri-owners
cri-api: add CRI implementation maintainers as approvers
2023-10-14 22:42:15 +02:00
Kubernetes Prow Robot
4911aad463
Merge pull request #115702 from xyz-li/master
Fix:  kubelet will not output logs after log file is rotated
2023-10-14 22:42:04 +02:00
Antonio Ojea
c2d473f0d4 remove ClusterCIDR
KEP-2593 proposed to expand the existing node-ipam controller
to be configurable via a ClusterCIDR objects, however, there
were reasonable doubts on the SIG about the feature and after
several months of discussions we decided to not move forward
with the KEP intree, hence, we are going to remove the existing
code, that is still in alpha.

https://groups.google.com/g/kubernetes-sig-network/c/nts1xEZ--gQ/m/2aTOUNFFAAAJ

Change-Id: Ieaf2007b0b23c296cde333247bfb672441fe6dfc
2023-10-14 19:06:22 +00:00
SataQiu
32d2afe42b kubeadm: fill with the DefaultCRISocket when CRI socket detection is not required 2023-10-14 16:21:38 +08:00
Kubernetes Prow Robot
d18a97cf3d
Merge pull request #121224 from liggitt/gate
Register UnauthenticatedHTTP2DOSMitigation into kube components
2023-10-14 03:01:12 +02:00
Kubernetes Prow Robot
b87cae907d
Merge pull request #121001 from jiahuif-forks/feature/validating-admission-policy/typed-composition-variables
ValidatingAdmissionPolicy: typed variables support.
2023-10-14 01:55:43 +02:00
Kubernetes Prow Robot
088f8c0ec5
Merge pull request #121096 from alexzielenski/common-schema
add rest of accessors to common.Schema
2023-10-14 00:00:54 +02:00
Jordan Liggitt
c72923b17a
Register UnauthenticatedHTTP2DOSMitigation into kube components 2023-10-13 17:50:31 -04:00
Alexander Zielenski
fb1fc8b4a7 ratcheting: disable correlation by index
discussion: https://github.com/kubernetes/kubernetes/pull/121118#discussion_r1358865893
2023-10-13 14:36:46 -07:00
Alexander Zielenski
d991ed56c2 comments: clear up correlateOldValueForChildAtNewIndex godoc 2023-10-13 14:11:02 -07:00
Alexander Zielenski
0ed67c9e41 cleanup: use switch in CachedDeepEqual and add more comments 2023-10-13 14:05:47 -07:00
Alexander Zielenski
60c90fc085 cleanup: consistently support nil receiver and document 2023-10-13 13:57:55 -07:00
Alexander Zielenski
abb68591af cleanup: clarify correlatedOldValueForChildAtNewIndex comment 2023-10-13 13:54:53 -07:00
Yuki Iwai
ddcbae734a Add a 0 × 0 case
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 05:54:15 +09:00
Yuki Iwai
fb2e28b070 Verify more carefully the results in the TestInt64AmountMul
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 05:53:45 +09:00
Siyuan Zhang
26a4e06c92 k8s.io/apiserver/storage: add 3 new unit tests for delete.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
2023-10-13 13:51:28 -07:00
Alexander Zielenski
e1fa1df3ae cleanup: consistent interface{} and any 2023-10-13 13:50:52 -07:00
Alexander Zielenski
0495616230 cleanup: add godoc 2023-10-13 13:50:19 -07:00
Yuki Iwai
4de3e73b8a Add test cases for mostPositive and mostNegative
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 04:42:28 +09:00
Yuki Iwai
685ae02433 Add more unit tests
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 04:42:28 +09:00
Yuki Iwai
79325b6178 Multiply by a scalar
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 04:42:28 +09:00
Yuki Iwai
4381eb7237 quantity: Add multiplication methods
Add multiplication functionality to Quantity.

Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2023-10-14 04:42:28 +09:00
Kevin Hannon
1ae5429629 add potential fixes for flakiness in eviction tests 2023-10-13 11:36:44 -04:00
Kubernetes Prow Robot
0851995a61
Merge pull request #121158 from siyuanfoundation/test-list
k8s.io/apiserver/storage: add some ResourceVersion validation in GetList unit tests.
2023-10-13 15:46:52 +02:00
Kubernetes Prow Robot
89f124cd70
Merge pull request #121216 from cpanato/update-distroless
Bump distroless-iptables to v0.4.1
2023-10-13 14:37:39 +02:00
Kubernetes Prow Robot
86ba008787
Merge pull request #120990 from tkashem/fix-race-apf-test
APF: fix data race in unit tests
2023-10-13 14:37:30 +02:00
Kubernetes Prow Robot
c2db4d03dc
Merge pull request #121136 from carlory/fix-kubeadm-2941
kubeadm: using struct option rather than a long list of parameters
2023-10-13 12:31:21 +02:00
carlory
db8e106e3f Code Refactor: using struct option rather than a long list of parameters
Co-authored-by: Shida Qiu <shidaqiu2018@gmail.com>
2023-10-13 17:17:03 +08:00
cpanato
b0c7956a86
Bump distroless-iptables to v0.4.1
Signed-off-by: cpanato <ctadeu@gmail.com>
2023-10-13 11:00:04 +02:00
carlory
a34d2f3b13 fix limitrange flaky test 2023-10-13 11:46:05 +08:00
cyclinder
10151a5e38 kubelet/sysctl: update log level 2023-10-13 11:23:59 +08:00
Kubernetes Prow Robot
b40f1c00e2
Merge pull request #121203 from enj/enj/i/h2_dos_flake
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
2023-10-13 05:03:05 +02:00
Kubernetes Prow Robot
a7f8c2f787
Merge pull request #118846 from cyclinder/net.ipv4.tcp_keepalive_time
Mark net.ipv4.tcp_keepalive_time as a safe sysctl
2023-10-13 05:02:51 +02:00
Kubernetes Prow Robot
0d63366bdf
Merge pull request #121195 from borg-land/rundir-ignore
Add rundir folder to gitignore
2023-10-13 03:52:34 +02:00
Kubernetes Prow Robot
4c8fca2f06
Merge pull request #112894 from pohly/e2e-framework-test-labels
e2e framework: test labels
2023-10-13 02:40:43 +02:00
Monis Khan
cd5db9b7f2
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
These occasionally flake on CI:

https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312

=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
    authentication_test.go:653: expect TCP connection: 1, actual: 2
        --- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)

=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
    --- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)

=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)

Signed-off-by: Monis Khan <mok@microsoft.com>
2023-10-12 19:13:07 -04:00
Alexander Zielenski
4dedabf2a6 test: fix boilerplate 2023-10-12 15:51:25 -07:00
Kubernetes Prow Robot
cb713c15e9
Merge pull request #121120 from enj/enj/i/h2_dos
Prevent rapid reset http2 DOS on API server
2023-10-13 00:05:46 +02:00
upodroid
80e378181e add rundir folder to gitignore 2023-10-12 21:54:59 +01:00
Monis Khan
800a8eaba7
Prevent rapid reset http2 DOS on API server
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.

The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.

For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections.  They can use http2, but with the performance of http1
(with keep-alive disabled).

Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default).  For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection).  An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.

For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
That change is not sufficient to adequately protect against a
motivated client - future changes to Kube and/or golang.org/x/net
will be explored to address this gap.

The Kube API server now uses a max stream of 100 instead of 250
(this matches the Go http2 client default).  This lowers the abuse
limit from 1000 to 400.

Signed-off-by: Monis Khan <mok@microsoft.com>
2023-10-12 16:54:07 -04:00
Kubernetes Prow Robot
2b4ef19578
Merge pull request #121191 from dims/update-busybox-sha-based-image-to-match-tag-1.36-1-1
Update busybox SHA based image to match tag - 1.36.1-1
2023-10-12 22:49:43 +02:00
Kubernetes Prow Robot
1cc9479720
Merge pull request #121189 from nilekhc/validation-doc
[KMSv2] chore: updates api doc
2023-10-12 22:49:35 +02:00
Kubernetes Prow Robot
e93e8eac0e
Merge pull request #120735 from Jefftree/request-body
Bump kube-openapi with v3 marshal and requestBody required marking
2023-10-12 22:49:25 +02:00