Lukasz Szaszkiewicz
4a2aef00d6
adds metrics for authorization webhook
2021-06-30 09:26:25 +02:00
Kubernetes Prow Robot
696d0f5772
Merge pull request #103316 from sejr/podsecurity-baseline-hostNamespace
...
[Pod Security]: HostNamespace baseline check
2021-06-29 21:19:03 -07:00
Samuel Roth
71cb2d71a8
podsecurity: add baseline hostNamespace check
...
less repetitive detail
don't ensure security context
minor doc fix
fixing keys
2021-06-29 23:11:32 -04:00
Kubernetes Prow Robot
7ad7c0757a
Merge pull request #103160 from ravisantoshgudimetla/fix-ubernetes-tests
...
Run ubernetes tests on gke only
2021-06-29 18:29:14 -07:00
Kubernetes Prow Robot
61ee139a08
Merge pull request #103070 from jeremyje/logspam
...
GCE Windows: Upgrade to flb-exporter v0.17.0 which reduces log spam.
2021-06-29 18:29:02 -07:00
Kubernetes Prow Robot
c9bff73105
Merge pull request #103179 from tanjing2020/runtimeclass
...
[e2e] Destroy the created runtimeclass resources at the end of the test case.
2021-06-29 17:07:15 -07:00
Kubernetes Prow Robot
21f41b8e82
Merge pull request #101711 from hbagdi/ingressclass-namespaced-params-beta
...
graduate IngressClassNamespacedParams to beta
2021-06-29 17:07:03 -07:00
Kubernetes Prow Robot
7eaf2ebab2
Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs
...
kubeadm: fix wrong check for keys/certs during "download-certs"
2021-06-29 14:54:20 -07:00
Kubernetes Prow Robot
00af17037b
Merge pull request #103256 from pacoxu/static-check-0.2.0
...
upgrade staticcheck to v0.2.0 and update the static failure packages
2021-06-29 13:42:32 -07:00
Kubernetes Prow Robot
e0f66be1aa
Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score
...
Add score func for NodeResourcesFit plugin
2021-06-29 13:42:20 -07:00
Lubomir I. Ivanov
5c00024c70
kubeadm: fix wrong check for keys/certs during "download-certs"
...
During "join" of new control plane machines, kubeadm would
download shared certificates and keys from the cluster stored
in a Secret. Based on the contents of an entry in the Secret,
it would use helper functions from client-go to either write
it as public key, cert (mode 644) or as a private key (mode 600).
The existing logic is always writing both keys and certs with mode 600.
Allow detecting public readable data properly and writing some files
with mode 644.
First check the data with ParsePrivateKeyPEM(); if this passes
there must be at least one private key and the file should be written
with mode 600 as private. If that fails, validate if the data contains
public keys with ParsePublicKeysPEM() and write the file as public
(mode 644).
As a result of this new logic, and given the current set of managed
kubeadm files, .key files will end up with 600, while .crt and .pub
files will end up with 644.
2021-06-29 23:42:04 +03:00
Harry Bagdi
f0d917a3ca
add fuzzer patch to fix tests
2021-06-29 12:59:59 -07:00
Kubernetes Prow Robot
92726bf0f3
Merge pull request #103248 from sttts/sttts-crd-converison-test
...
apiextension: fix typo and test case in conversion integration test
2021-06-29 11:20:03 -07:00
Kubernetes Prow Robot
f2e47502fd
Merge pull request #103076 from wzshiming/fix/flake-gracefulnodeshutdown-dbus
...
Fix the GracefulNodeShutdown e2e test running on dbus that refuses to manually start
2021-06-29 11:19:50 -07:00
Kubernetes Prow Robot
dae03ba921
Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics
...
adds metrics for delegated authn
2021-06-29 11:19:38 -07:00
yuzhiquan
deb14b995a
Add score plugin for NodeResourcesFit
2021-06-29 13:16:55 -04:00
Kubernetes Prow Robot
01819dd322
Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode
...
ReadWriteOncePod access mode for PVs and PVCs
2021-06-29 10:04:40 -07:00
ravisantoshgudimetla
c65b80a637
[storage] [test] Remove extra zone test
...
We're running ubernetes tests
`should only be allowed to provision PDs in zones
where nodes exist`
on gcp&gke. While the test is useful in exercising
the scenario of identifying extra zone and
creating a node in it, not every Kube
distribution uses the same approach to create a node,
further, even if there is an extra zone, we cannot
guarantee the zone to have enough quota. There can also
be other GCP specific edge cases all of which cannot be
covered within this test. So, removing the test
as agreed upon with the storage team
2021-06-29 12:52:58 -04:00
Kubernetes Prow Robot
756203fda0
Merge pull request #102576 from dobsonj/101911
...
kubelet: do not call RemoveAll on volumes directory for orphaned pods
2021-06-29 06:54:40 -07:00
Kubernetes Prow Robot
3d87fd6a9a
Merge pull request #103273 from XudongLiuHarold/fix-loadbalancerclass-test-name
...
fix loadbalancerclass integration test function name
2021-06-29 05:40:41 -07:00
Kubernetes Prow Robot
ebcb4a2d88
Merge pull request #103104 from pacoxu/npd-088
...
update npd to v0.8.8
2021-06-29 02:30:40 -07:00
Dr. Stefan Schimanski
903d76f558
apiextension: fix typo and test case in conversion integration test
2021-06-29 11:03:24 +02:00
Lukasz Szaszkiewicz
322c18c147
adds metrics for authentication webhook
2021-06-29 09:49:14 +02:00
Kubernetes Prow Robot
1151dc1ee5
Merge pull request #103138 from sbangari/winDsrLoadBalancerServiceFix
...
Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
2021-06-28 23:26:51 -07:00
Kubernetes Prow Robot
adf561fb96
Merge pull request #96699 from tengqm/kubelet-config-norm
...
Tweak kubelet config comments for consistency and readability
2021-06-28 23:26:40 -07:00
Chris Henzie
b7d732d3d6
Map PV access modes to CSI access modes
2021-06-28 21:25:38 -07:00
Chris Henzie
8db83c89aa
CSI client helpers for NodeGetCapabilities
2021-06-28 21:25:37 -07:00
Chris Henzie
5f98f6cfa4
Update helper methods to print and parse ReadWriteOncePod access mode
2021-06-28 21:25:37 -07:00
Chris Henzie
2b98f8edc7
Enforce ReadWriteOncePod access mode during mount
2021-06-28 21:25:37 -07:00
Chris Henzie
7491d01651
Validate use of the ReadWriteOncePod access mode
...
This will only work if the "ReadWriteOncePod" feature gate is enabled.
Additionally, this access mode will only work when used by itself. This
is because when ReadWriteOncePod is used on a PV or PVC, it renders all
other access modes useless since it is most restrictive.
2021-06-28 21:25:37 -07:00
Chris Henzie
48ba5020a2
ReadWriteOncePod PV access mode and feature gate
2021-06-28 21:25:35 -07:00
Chris Henzie
358d2e0bd1
Export contains access mode helper method
...
Will be used during validation of PVs and PVCs
2021-06-28 21:24:56 -07:00
Chris Henzie
83e3ee780a
Rename access mode contains helper method
...
So it is consistent with other methods performing the same check (one
for internal and external types)
2021-06-28 21:24:56 -07:00
Chris Henzie
dba8ee229e
Add validation options for PersistentVolumeClaims
...
These options provide an extensible way of configuring how PVCs are
validated
2021-06-28 21:24:55 -07:00
Chris Henzie
9ba0eed7c5
Add validation options for PersistentVolumes
...
These options provide an extensible way of configuring how PVs are
validated
2021-06-28 21:24:55 -07:00
Kubernetes Prow Robot
d92f6c424d
Merge pull request #103099 from liggitt/podsecurity
...
PodSecurity admission
2021-06-28 20:46:52 -07:00
Kubernetes Prow Robot
db3a216fbb
Merge pull request #97238 from andrewsykim/kube-proxy-handle-terminating
...
kube-proxy handle terminating endpoints
2021-06-28 20:46:40 -07:00
Harold
477aef192f
fix loadbalancerclass integration test function name
2021-06-28 20:07:02 -07:00
Kubernetes Prow Robot
9866f9364e
Merge pull request #103112 from fromanirh/cpumanager-e2e-fixes
...
e2e: node: remove obsolete AlphaFeature tag
2021-06-28 19:36:39 -07:00
pacoxu
ffdf3f5007
update node-problem-detector npd to v0.8.8
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Co-Authored-By: vteratipally <vteratipally@users.noreply.github.com>
2021-06-29 09:35:32 +08:00
tanjing2020
f80f9eeb6d
Destroy the created runtimeclass resources at the end of the test case.
2021-06-29 09:20:40 +08:00
Kubernetes Prow Robot
ee459b8969
Merge pull request #103265 from fromanirh/e2e-node-fix-npd
...
e2e: node: fix npd test failures bumping image
2021-06-28 17:03:50 -07:00
Kubernetes Prow Robot
15d3c3a5e2
Merge pull request #102821 from ehashman/phase-fix
...
Ensure kubelet statuses can handle loss of container runtime state
2021-06-28 15:38:40 -07:00
Kubernetes Prow Robot
38f012320f
Merge pull request #101947 from cynepco3hahue/memory_manager_move_to_beta
...
memory manager: move to beta
2021-06-28 15:38:28 -07:00
Jordan Liggitt
6f9011a4ae
PodSecurity: vendor: generated files
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:46:00 -04:00
Jordan Liggitt
b8bdcf6441
PodSecurity: update dependencies
2021-06-28 17:46:00 -04:00
Jordan Liggitt
724fbfbb69
PodSecurity: test: generate fixture data
2021-06-28 17:46:00 -04:00
Jordan Liggitt
93c6f8969a
PodSecurity: check: addCapabilities
2021-06-28 17:45:59 -04:00
Jordan Liggitt
3733e209c9
PodSecurity: check: allowPrivilegeEscalation
2021-06-28 17:45:36 -04:00
Jordan Liggitt
a8206ef58b
PodSecurity: check: runAsNonRoot
2021-06-28 17:45:36 -04:00