github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity
88,337 Commits 42 Branches 7,905 Tags 1.3 GiB
55b687054d
Commit Graph

88337 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
6eaa4af025
Merge pull request #85234 from matthyx/patch-1 
Add matthyx to sig-node-reviewers in OWNERS_ALIASES
 2020-02-11 18:32:07 -08:00
Kubernetes Prow Robot
f9250c4f95
Merge pull request #87795 from zhan849/harry/reflector-backoff 
add exponential backoff with cap and reset in reflector during retrying ListWatch
 2020-02-11 17:06:21 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz 
Migrate health monitor from read only port to healthz port
 2020-02-11 17:06:08 -08:00
Charles Eckman
5a176ac772 Provide OIDC discovery endpoints 
- Add handlers for service account issuer metadata.
- Add option to manually override JWKS URI.
- Add unit and integration tests.
- Add a separate ServiceAccountIssuerDiscovery feature gate.

Additional notes:
- If not explicitly overridden, the JWKS URI will be based on
  the API server's external address and port.

- The metadata server is configured with the validating key set rather
than the signing key set. This allows for key rotation because tokens
can still be validated by the keys exposed in the JWKs URL, even if the
signing key has been rotated (note this may still be a short window if
tokens have short lifetimes).

- The trust model of OIDC discovery requires that the relying party
fetch the issuer metadata via HTTPS; the trust of the issuer metadata
comes from the server presenting a TLS certificate with a trust chain
back to the from the relying party's root(s) of trust. For tests, we use
a local issuer (https://kubernetes.default.svc) for the certificate
so that workloads within the cluster can authenticate it when fetching
OIDC metadata. An API server cannot validly claim https://kubernetes.io,
but within the cluster, it is the authority for kubernetes.default.svc,
according to the in-cluster config.

Co-authored-by: Michael Taufen <mtaufen@google.com>
 2020-02-11 16:23:31 -08:00
Kubernetes Prow Robot
7faee2c30a
Merge pull request #88019 from liggitt/ssa 
Lower ssa auto-enablement to 10%
 2020-02-11 15:50:09 -08:00
Anago GCB
06fad92509 Add CHANGELOG/CHANGELOG-1.15.md for v1.15.10 2020-02-11 22:02:07 +00:00
Andrew Sy Kim
1653476e3f proxier: use IPSet from k8s.io/utils/net to store local addresses 
This allows the proxier to cache local addresses instead of fetching all
local addresses every time in IsLocalIP.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:44:34 -05:00
Andrew Sy Kim
77feb1126e userspace proxy: get local addresses only once per sync loop 
This avoids fetching all local network interfaces everytime we sync an
external IP. For clusters with many external IPs this gets really
expensive. This change caches all local addresses once per sync.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
Andrew Sy Kim
126bf5a231 ipvs proxier: use util proxy methods for getting local addresses 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
Andrew Sy Kim
313c3b81e3 iptables proxier: get local addresses only once per sync loop 
This avoids fetching all local network interfaces everytime we sync an
external IP. For clusters with many external IPs this gets really
expensive. This change caches all local addresses once per sync.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2020-02-11 16:35:49 -05:00
andrewsykim
9e5a06c3ed update vendor k8s.io/utils to 5f6fbceb4c31 
Signed-off-by: andrewsykim <kim.andrewsy@gmail.com>
 2020-02-11 16:35:49 -05:00
Anago GCB
e3ab253cd8 Add CHANGELOG/CHANGELOG-1.16.md for v1.16.7 2020-02-11 21:18:47 +00:00
jennybuckley
888a322d9c Round times to nearest second before sorting 2020-02-11 12:54:19 -08:00
Davanum Srinivas
f26dbc473d
Avoid running docker specific test in containerd 2020-02-11 14:32:18 -05:00
Anago GCB
5e94cccf5c Add CHANGELOG/CHANGELOG-1.17.md for v1.17.3 2020-02-11 19:18:37 +00:00
Jordan Liggitt
a657d51ce3 Lower server-side apply percentage to 10% 2020-02-11 12:55:28 -05:00
notpad
89066cceb9 Add RegisterPluginAsExtensionsWithWeight 2020-02-11 23:11:53 +08:00
wojtekt
ca81235f24 Fix serializer test 2020-02-11 15:54:05 +01:00
Kubernetes Prow Robot
574acbe310
Merge pull request #87847 from notpad/feature/slow_path 
Cleanup "slow-path" logic in scheduler Filters
 2020-02-11 06:46:04 -08:00
andyzhangx
9cb7f54c0b fix: add azure disk migration support for CSINode 2020-02-11 11:39:55 +00:00
Kubernetes Prow Robot
38acec9bbc
Merge pull request #87527 from brianpursley/kubectl-796 
Added 'No resources found' message to describe <type> and top pod commands
 2020-02-11 01:20:02 -08:00
notpad
fb895056c6 Add test 2020-02-11 16:51:21 +08:00
Kubernetes Prow Robot
dc8208dddc
Merge pull request #87871 from msau42/fix-hostexec 
Use NodeSelector instead of NodeName in hostexec Pod
 2020-02-10 20:44:01 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd 2020-02-10 20:43:40 -05:00
shaloulcy
fe312ed74a add index for pod cacher 
Signed-off-by: shaloulcy <lcy041536@gmail.com>
 2020-02-11 09:25:27 +08:00
Kubernetes Prow Robot
6eba154f6e
Merge pull request #87984 from apelisse/100-percent-ssa 
Enable field management for all new objects
 2020-02-10 17:22:33 -08:00
Kubernetes Prow Robot
26ecb7ed60
Merge pull request #87982 from damemi/damemi-sched-reviewer 
Add damemi to sig-scheduling owners
 2020-02-10 17:22:24 -08:00
Kubernetes Prow Robot
f8f6229d77
Merge pull request #87950 from tanjunchen/fix-no-non-ascii-characters-/test 
test/ : fix non-ascii characters
 2020-02-10 17:22:15 -08:00
Kubernetes Prow Robot
921ef35e64
Merge pull request #87949 from 928234269/non_ascii_01 
Fix non-ascii characters in test/e2e_node and test/network.
 2020-02-10 17:22:01 -08:00
Haowei Cai
01328ae291 add roycaihw to reviewers in apiextensions-apiserver 2020-02-10 15:44:31 -08:00
Michelle Au
1ee35e788e Use NodeSelector instead of NodeName in hostexec Pod so that the Pod runs through the scheduler 
Change-Id: Ia2f7ad39af318bbe707b43dfea706293ecdf5203
 2020-02-10 15:36:04 -08:00
Kubernetes Prow Robot
0b2636a7e7
Merge pull request #87991 from mikedanese/createcontext 
remove authn/z.CreateContext expansions
 2020-02-10 14:53:53 -08:00
Jonathan Basseri
09121d9686 Add missing tag to vSphere storage E2E tests 
This adds the [Feature:vsphere] tag to those vSphere tests which were
missing it. This makes it easier to specifically target the vSphere
storage E2E test suite.
 2020-02-10 14:48:55 -08:00
Mike Danese
5954f34ade migrate authenticator and authorizer to Create 2020-02-10 13:17:59 -08:00
Mike Danese
119f220832 remove authn/z.CreateContext expansions 2020-02-10 13:17:59 -08:00
Kubernetes Prow Robot
7a506ff342
Merge pull request #87696 from liggitt/node2 
Switch node authorizer indexes to reference counts, add fastpath edge removal
 2020-02-10 12:45:54 -08:00
Jordan Liggitt
8a3f587b04 Add fast path to node authorizer for node/edge removal 2020-02-10 13:51:33 -05:00
Jordan Liggitt
3e0c0792d7 Switch node authorizer index to refcounts 2020-02-10 13:24:13 -05:00
Jordan Liggitt
6d335372b2 Add configmap->node destination edges to the node authorizer index 2020-02-10 13:23:50 -05:00
Kubernetes Prow Robot
bb3cddc24f
Merge pull request #87958 from dims/tolerate-when-bazel-shutdown-errors-out 
tolerate when bazel shutdown errors out
 2020-02-10 09:24:08 -08:00
Kubernetes Prow Robot
db9123e50e
Merge pull request #87936 from Huang-Wei/waitingPods-glitch 
Refine WaitingPod interface for scheduler Permit plugin
 2020-02-10 09:23:54 -08:00
Antoine Pelisse
8438bba5fd Enable field management for all new objects 2020-02-10 09:06:18 -08:00
Mike Dame
114e283154 Add damemi to sig-scheduling owners 2020-02-10 11:04:27 -05:00
Kubernetes Prow Robot
af618bd100
Merge pull request #87957 from liggitt/noop-deltafifo-resourceversion 
Treat replaced events that didn't change resourceVersion as resync events
 2020-02-10 07:07:54 -08:00
notpad
a7057f8df0 Cleanup "slow-path" logic in scheduler Filters 2020-02-10 22:48:49 +08:00
SataQiu
f2150587f3 kubeadm: remove 'kubeadm upgrade node config' 2020-02-10 18:28:41 +08:00
tanjunchen
c2c3c478cd test/e2e/framework:move functions to test/e2e/scheduling/ 2020-02-10 12:34:19 +08:00
Morten Torkildsen
95ddc029fa Make DisruptionController eviction tests serial to avoid flakes 2020-02-09 13:41:07 -08:00
Kubernetes Prow Robot
acd97b42f3
Merge pull request #87959 from andyzhangx/non-retriable 
add StatusConflict(409) as non-retriable error for disksClient
 2020-02-09 11:24:05 -08:00
Kubernetes Prow Robot
ca1514d03b
Merge pull request #80651 from odinuge/kubectl-proxy-handle-error 
Add error check in kubectl proxy on server setup
 2020-02-09 11:23:52 -08:00