Pushkar Joglekar
d57e143277
[PodSecurity] Implement host ports check
...
Applies to baseline policy. Since host ports is
a niche feature, usage of any host ports is
forbidden for either app container or init container
Refactored two fixtures into one for non-host ports in app container and init container
Fixes based on PR feedback
- remove no-op if check,
- use correct Int32 list for hostPort
- remove ensureHostPorts func
Removed redundant fixtures as per PR feedback
Removed minimal valid pod
Updates after gofmt
2021-06-30 09:26:22 -07:00
Kubernetes Prow Robot
1534e0c7ec
Merge pull request #103350 from tech-geek29/fix-mac-local-cluster
...
Update local-cluster-up.sh to auto-detect darwin and skip kubelet and kube-proxy
2021-06-30 09:11:04 -07:00
maruiyan
9c150b0f22
Error string should not be capitalized or end with punctuation.
2021-06-30 23:23:30 +08:00
Rishabh Jain
584eb5e947
Update local-cluster-up.sh to auto-detect darwin and skip kubelet and kube-proxy
2021-06-30 20:30:03 +05:30
njuptlzf
1ac0e018d5
[PodSecurity] Implement sysctls check
2021-06-30 21:53:20 +08:00
Kubernetes Prow Robot
b3cc522b53
Merge pull request #103281 from makusu2/patch-1
...
Fix grammar
2021-06-30 05:41:03 -07:00
Kubernetes Prow Robot
d787eaa4d5
Merge pull request #103332 from mcshooter/updateNPDVersion
...
Update NPD release version and include windows defender config
2021-06-30 01:19:02 -07:00
Lukasz Szaszkiewicz
4a2aef00d6
adds metrics for authorization webhook
2021-06-30 09:26:25 +02:00
SataQiu
6c86c34457
kube-scheduler: ensure the default config output of --write-to-config is usable
2021-06-30 13:26:27 +08:00
Kubernetes Prow Robot
696d0f5772
Merge pull request #103316 from sejr/podsecurity-baseline-hostNamespace
...
[Pod Security]: HostNamespace baseline check
2021-06-29 21:19:03 -07:00
Samuel Roth
1441a33030
hostPath baseline check for Pod Security Standards
...
graduate IngressClassNamespacedParams to beta
add fuzzer patch to fix tests
Destroy the created runtimeclass resources at the end of the test case.
addressing comments
don't ensure security context
2021-06-30 00:19:01 -04:00
Dave Chen
1fa673c15c
Extend the NodeResourcesBalancedAllocation
plugin to cover more resources
...
Signed-off-by: Dave Chen <dave.chen@arm.com>
2021-06-30 11:15:12 +08:00
Samuel Roth
71cb2d71a8
podsecurity: add baseline hostNamespace check
...
less repetitive detail
don't ensure security context
minor doc fix
fixing keys
2021-06-29 23:11:32 -04:00
maruiyan
da4aaf81cd
Error should be checked first, then go to other steps.
2021-06-30 11:00:55 +08:00
caodonghui
c1d5a3a99e
Update golang.org/x/net to v0.0.0-20210520170846-37e1c6afe023
2021-06-30 10:23:10 +08:00
Kubernetes Prow Robot
7ad7c0757a
Merge pull request #103160 from ravisantoshgudimetla/fix-ubernetes-tests
...
Run ubernetes tests on gke only
2021-06-29 18:29:14 -07:00
Kubernetes Prow Robot
61ee139a08
Merge pull request #103070 from jeremyje/logspam
...
GCE Windows: Upgrade to flb-exporter v0.17.0 which reduces log spam.
2021-06-29 18:29:02 -07:00
Kubernetes Prow Robot
c9bff73105
Merge pull request #103179 from tanjing2020/runtimeclass
...
[e2e] Destroy the created runtimeclass resources at the end of the test case.
2021-06-29 17:07:15 -07:00
Kubernetes Prow Robot
21f41b8e82
Merge pull request #101711 from hbagdi/ingressclass-namespaced-params-beta
...
graduate IngressClassNamespacedParams to beta
2021-06-29 17:07:03 -07:00
Michelle Tandya
03f85e9ade
Update NPD release version and include windows defender config
2021-06-30 00:00:32 +00:00
Kubernetes Prow Robot
7eaf2ebab2
Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs
...
kubeadm: fix wrong check for keys/certs during "download-certs"
2021-06-29 14:54:20 -07:00
Kubernetes Prow Robot
00af17037b
Merge pull request #103256 from pacoxu/static-check-0.2.0
...
upgrade staticcheck to v0.2.0 and update the static failure packages
2021-06-29 13:42:32 -07:00
Kubernetes Prow Robot
e0f66be1aa
Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score
...
Add score func for NodeResourcesFit plugin
2021-06-29 13:42:20 -07:00
Lubomir I. Ivanov
5c00024c70
kubeadm: fix wrong check for keys/certs during "download-certs"
...
During "join" of new control plane machines, kubeadm would
download shared certificates and keys from the cluster stored
in a Secret. Based on the contents of an entry in the Secret,
it would use helper functions from client-go to either write
it as public key, cert (mode 644) or as a private key (mode 600).
The existing logic is always writing both keys and certs with mode 600.
Allow detecting public readable data properly and writing some files
with mode 644.
First check the data with ParsePrivateKeyPEM(); if this passes
there must be at least one private key and the file should be written
with mode 600 as private. If that fails, validate if the data contains
public keys with ParsePublicKeysPEM() and write the file as public
(mode 644).
As a result of this new logic, and given the current set of managed
kubeadm files, .key files will end up with 600, while .crt and .pub
files will end up with 644.
2021-06-29 23:42:04 +03:00
Harry Bagdi
f0d917a3ca
add fuzzer patch to fix tests
2021-06-29 12:59:59 -07:00
Elana Hashman
39f32d7286
Ensure MemorySwapConfig can't be set without feature flag
2021-06-29 12:08:25 -07:00
Elana Hashman
d4041cb80f
Add generated files for swap API changes
2021-06-29 12:08:25 -07:00
Elana Hashman
d3fd1362ca
Rename NoSwap to LimitedSwap as workloads may still swap
...
Also made the options a kubelet type, address API review feedback
2021-06-29 12:08:21 -07:00
Elana Hashman
0deef4610e
Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled
2021-06-29 11:59:02 -07:00
Elana Hashman
7342acb0b8
Add validation for KubeletConfig MemorySwap
2021-06-29 11:59:01 -07:00
Elana Hashman
7d50271d21
Update CRI with memory_swap_limit_in_bytes
2021-06-29 11:59:01 -07:00
Elana Hashman
bda03b4818
API change: add MemorySwap to KubeletConfiguration
2021-06-29 11:58:59 -07:00
Elana Hashman
9eeec68d67
Update local-up-cluster.sh swap warning
2021-06-29 11:57:35 -07:00
Elana Hashman
0dd4ce40ad
Add NodeSwapEnabled feature flag
2021-06-29 11:57:34 -07:00
Kubernetes Prow Robot
92726bf0f3
Merge pull request #103248 from sttts/sttts-crd-converison-test
...
apiextension: fix typo and test case in conversion integration test
2021-06-29 11:20:03 -07:00
Kubernetes Prow Robot
f2e47502fd
Merge pull request #103076 from wzshiming/fix/flake-gracefulnodeshutdown-dbus
...
Fix the GracefulNodeShutdown e2e test running on dbus that refuses to manually start
2021-06-29 11:19:50 -07:00
Kubernetes Prow Robot
dae03ba921
Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics
...
adds metrics for delegated authn
2021-06-29 11:19:38 -07:00
Nabarun Pal
ac41e56582
docs: add documentation on adding files to the embedded data
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 23:30:50 +05:30
yuzhiquan
deb14b995a
Add score plugin for NodeResourcesFit
2021-06-29 13:16:55 -04:00
Chris Henzie
ebc3fdb293
Store PVC reference counts in NodeInfo cache
...
This map will be queried as part of enforcement of the ReadWriteOncePod
access mode for PVCs
2021-06-29 10:07:32 -07:00
Kubernetes Prow Robot
01819dd322
Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode
...
ReadWriteOncePod access mode for PVs and PVCs
2021-06-29 10:04:40 -07:00
ravisantoshgudimetla
c65b80a637
[storage] [test] Remove extra zone test
...
We're running ubernetes tests
`should only be allowed to provision PDs in zones
where nodes exist`
on gcp&gke. While the test is useful in exercising
the scenario of identifying extra zone and
creating a node in it, not every Kube
distribution uses the same approach to create a node,
further, even if there is an extra zone, we cannot
guarantee the zone to have enough quota. There can also
be other GCP specific edge cases all of which cannot be
covered within this test. So, removing the test
as agreed upon with the storage team
2021-06-29 12:52:58 -04:00
Kubernetes Prow Robot
756203fda0
Merge pull request #102576 from dobsonj/101911
...
kubelet: do not call RemoveAll on volumes directory for orphaned pods
2021-06-29 06:54:40 -07:00
Nabarun Pal
0ab03d3d5b
dependencies: remove go-bindata
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 19:16:51 +05:30
Nabarun Pal
bbccf2ecb4
e2e-node: move to embedded test manifests
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 19:16:49 +05:30
Nabarun Pal
d98b2dd2d6
generated: remove usage of go-bindata
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 19:16:48 +05:30
Nabarun Pal
68b334d02b
test: setup embedded file sources for manifests
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2021-06-29 19:16:46 +05:30
Kubernetes Prow Robot
3d87fd6a9a
Merge pull request #103273 from XudongLiuHarold/fix-loadbalancerclass-test-name
...
fix loadbalancerclass integration test function name
2021-06-29 05:40:41 -07:00
vivian-xu
ceb42d0938
Update github.com/pkg/errors with go native errors pkg
2021-06-29 17:39:49 +08:00
Kubernetes Prow Robot
ebcb4a2d88
Merge pull request #103104 from pacoxu/npd-088
...
update npd to v0.8.8
2021-06-29 02:30:40 -07:00