Commit Graph

101867 Commits

Author SHA1 Message Date
Oz N Tiram
552e1549ba
Build: improve documentation of build artifacts
As described in #100596 this can surprise newcomers.
This adds a paragraph which explains where are the build
artifacts are and how to use the docker images produced
by the build system.
2021-06-29 23:29:35 +02:00
Kubernetes Prow Robot
92726bf0f3
Merge pull request #103248 from sttts/sttts-crd-converison-test
apiextension: fix typo and test case in conversion integration test
2021-06-29 11:20:03 -07:00
Kubernetes Prow Robot
f2e47502fd
Merge pull request #103076 from wzshiming/fix/flake-gracefulnodeshutdown-dbus
Fix the GracefulNodeShutdown e2e test running on dbus that refuses to manually start
2021-06-29 11:19:50 -07:00
Kubernetes Prow Robot
dae03ba921
Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics
adds metrics for delegated authn
2021-06-29 11:19:38 -07:00
Kubernetes Prow Robot
01819dd322
Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode
ReadWriteOncePod access mode for PVs and PVCs
2021-06-29 10:04:40 -07:00
Kubernetes Prow Robot
756203fda0
Merge pull request #102576 from dobsonj/101911
kubelet: do not call RemoveAll on volumes directory for orphaned pods
2021-06-29 06:54:40 -07:00
Kubernetes Prow Robot
3d87fd6a9a
Merge pull request #103273 from XudongLiuHarold/fix-loadbalancerclass-test-name
fix loadbalancerclass integration test funcation name
2021-06-29 05:40:41 -07:00
Kubernetes Prow Robot
ebcb4a2d88
Merge pull request #103104 from pacoxu/npd-088
update npd to v0.8.8
2021-06-29 02:30:40 -07:00
Dr. Stefan Schimanski
903d76f558 apiextension: fix typo and test case in conversion integration test 2021-06-29 11:03:24 +02:00
Lukasz Szaszkiewicz
322c18c147 adds metrics for authentication webhook 2021-06-29 09:49:14 +02:00
Kubernetes Prow Robot
1151dc1ee5
Merge pull request #103138 from sbangari/winDsrLoadBalancerServiceFix
Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
2021-06-28 23:26:51 -07:00
Kubernetes Prow Robot
adf561fb96
Merge pull request #96699 from tengqm/kubelet-config-norm
Tweak kubelet config comments for consistency and readability
2021-06-28 23:26:40 -07:00
Chris Henzie
b7d732d3d6 Map PV access modes to CSI access modes 2021-06-28 21:25:38 -07:00
Chris Henzie
8db83c89aa CSI client helpers for NodeGetCapabilities 2021-06-28 21:25:37 -07:00
Chris Henzie
5f98f6cfa4 Update helper methods to print and parse ReadWriteOncePod access mode 2021-06-28 21:25:37 -07:00
Chris Henzie
2b98f8edc7 Enforce ReadWriteOncePod access mode during mount 2021-06-28 21:25:37 -07:00
Chris Henzie
7491d01651 Validate use of the ReadWriteOncePod access mode
This will only work if the "ReadWriteOncePod" feature gate is enabled.
Additionally, this access mode will only work when used by itself. This
is because when ReadWriteOncePod is used on a PV or PVC, it renders all
other access modes useless since it is most restrictive.
2021-06-28 21:25:37 -07:00
Chris Henzie
48ba5020a2 ReadWriteOncePod PV access mode and feature gate 2021-06-28 21:25:35 -07:00
Chris Henzie
358d2e0bd1 Export contains access mode helper method
Will be used during validation of PVs and PVCs
2021-06-28 21:24:56 -07:00
Chris Henzie
83e3ee780a Rename access mode contains helper method
So it is consistent with other methods performing the same check (one
for internal and external types)
2021-06-28 21:24:56 -07:00
Chris Henzie
dba8ee229e Add validation options for PersistentVolumeClaims
These options provide an extensible way of configuring how PVCs are
validated
2021-06-28 21:24:55 -07:00
Chris Henzie
9ba0eed7c5 Add validation options for PersistentVolumes
These options provide an extensible way of configuring how PVs are
validated
2021-06-28 21:24:55 -07:00
Kubernetes Prow Robot
d92f6c424d
Merge pull request #103099 from liggitt/podsecurity
PodSecurity admission
2021-06-28 20:46:52 -07:00
Kubernetes Prow Robot
db3a216fbb
Merge pull request #97238 from andrewsykim/kube-proxy-handle-terminating
kube-proxy handle terminating endpoints
2021-06-28 20:46:40 -07:00
Harold
477aef192f fix loadbalancerclass integration test funcation name 2021-06-28 20:07:02 -07:00
Kubernetes Prow Robot
9866f9364e
Merge pull request #103112 from fromanirh/cpumanager-e2e-fixes
e2e: node: remove obsolete AlphaFeature tag
2021-06-28 19:36:39 -07:00
pacoxu
ffdf3f5007 update node-problem-detector npd to v0.8.8
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Co-Authored-By: vteratipally <vteratipally@users.noreply.github.com>
2021-06-29 09:35:32 +08:00
Kubernetes Prow Robot
ee459b8969
Merge pull request #103265 from fromanirh/e2e-node-fix-npd
e2e: node: fix npd test failures bumping image
2021-06-28 17:03:50 -07:00
Kubernetes Prow Robot
15d3c3a5e2
Merge pull request #102821 from ehashman/phase-fix
Ensure kubelet statuses can handle loss of container runtime state
2021-06-28 15:38:40 -07:00
Kubernetes Prow Robot
38f012320f
Merge pull request #101947 from cynepco3hahue/memory_manager_move_to_beta
memory manager: move to beta
2021-06-28 15:38:28 -07:00
Jordan Liggitt
6f9011a4ae PodSecurity: vendor: generated files
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:46:00 -04:00
Jordan Liggitt
b8bdcf6441 PodSecurity: update dependencies 2021-06-28 17:46:00 -04:00
Jordan Liggitt
724fbfbb69 PodSecurity: test: generate fixture data 2021-06-28 17:46:00 -04:00
Jordan Liggitt
93c6f8969a PodSecurity: check: addCapabilities 2021-06-28 17:45:59 -04:00
Jordan Liggitt
3733e209c9 PodSecurity: check: allowPrivilegeEscalation 2021-06-28 17:45:36 -04:00
Jordan Liggitt
a8206ef58b PodSecurity: check: runAsNonRoot 2021-06-28 17:45:36 -04:00
Jordan Liggitt
12ea930aae PodSecurity: check: selinux
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:36 -04:00
Jordan Liggitt
42dc070b47 PodSecurity: kube-apiserver integration test 2021-06-28 17:45:36 -04:00
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Jordan Liggitt
65a42a483c PodSecurity: pkg/features: feature gate 2021-06-28 17:45:35 -04:00
Tim Allclair
02a6187757 PodSecurity: admission: admission library
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
29f5ebf1fe PodSecurity: test: framework 2021-06-28 17:45:35 -04:00
Tim Allclair
1436d35779 PodSecurity: policy: registry
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
5183ea0bf0 PodSecurity: metrics: stub interface
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:35 -04:00
Jordan Liggitt
a3ba921b16 PodSecurity: admission/api: configuration API
Admission configuration:
- user, namespace, runtimeclass exemptions
- default policy levels and versions
- defaulting
- load and serialization helpers

Co-authored-by: Tim Allclair <timallclair@gmail.com>
2021-06-28 17:45:34 -04:00
Tim Allclair
9ce17c8773 PodSecurity: api: runtime API
Label keys, values, and parsing helper functions

Co-authored-by: Jordan Liggitt <liggitt@google.com>
2021-06-28 17:45:34 -04:00
Kubernetes Prow Robot
bb309b5706
Merge pull request #103249 from wangyysde/update-kubeadm-help-msg
correct example command of kubeadm help
2021-06-28 14:24:28 -07:00
Kubernetes Prow Robot
51e1969d9c
Merge pull request #103133 from marwanad/allow-scheduler-to-patch-conditions
switch scheduler to generate the merge patch on pod status instead of the full pod
2021-06-28 12:46:28 -07:00
Kubernetes Prow Robot
556f8500ff
Merge pull request #102859 from MikeSpreitzer/add-r-metrics
Add APF metrics about R(t)
2021-06-28 11:40:28 -07:00
Kubernetes Prow Robot
cd5d3e690e
Merge pull request #103153 from josephburnett/v2beta2
Move HPA v2beta2 deprecation to 1.23.
2021-06-28 10:33:25 -07:00