Jordan Liggitt
9f8f36708a
Fixup lint warning
2024-07-19 15:06:52 -04:00
Jordan Liggitt
4d535db8be
Add selector authorization to the Node authorizer
2024-07-19 15:06:51 -04:00
Jordan Liggitt
a1398a8cca
Add structured labelSelector / fieldSelector to authorization webhook match conditions
2024-07-19 15:06:50 -04:00
Jordan Liggitt
83bd512861
Adjust CEL cost calculation and versioning for authorization library
2024-07-19 15:06:49 -04:00
David Eads
be2e32fa3e
Add CEL fieldSelector / labelSelector support to authorizer library
2024-07-19 15:06:49 -04:00
Jordan Liggitt
03d48b7683
Move CEL env initialization out of package init()
...
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
2024-07-19 15:06:48 -04:00
Jordan Liggitt
1d2ad282cf
Improve CEL cost tests to catch unhandled estimates or types
2024-07-19 15:06:47 -04:00
David Eads
92e3445e9d
add field and label selectors to authorization attributes
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-07-19 15:06:47 -04:00
David Eads
f5e5bef2e0
generate
2024-07-19 14:35:37 -04:00
David Eads
90f0b88b6a
add subjectaccessreview field and label selectors
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-07-19 14:34:49 -04:00
Kubernetes Prow Robot
acaec0c23a
Merge pull request #126124 from cici37/feature/validating-admission-policy/metrics-improvement
...
Feature/validating admission policy/metrics improvement
2024-07-19 10:34:58 -07:00
Kubernetes Prow Robot
ce961fdc84
Merge pull request #125165 from carlory/clean-volume-util
...
remove unused functions in volume/util
2024-07-19 10:34:45 -07:00
bells17
e1aa8197ed
volumebinding: scheduler queueing hints - CSIStorageCapacity (#124961)
...
* volumebinding: scheduler queueing hints - CSIStorageCapacity
* Fixed points mentioned in the review
* Fixed points mentioned in the review
* Update pkg/scheduler/framework/plugins/volumebinding/volume_binding.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
* Update pkg/scheduler/framework/plugins/volumebinding/volume_binding_test.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
* Fixed points mentioned in the review
* Update volume_binding.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
---------
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
2024-07-19 07:53:52 -07:00
Kubernetes Prow Robot
01eb9f4754
Merge pull request #125929 from sanposhiho/requeueing-metrics
...
add: implement event_handling_duration_seconds metric
2024-07-19 04:43:00 -07:00
Kubernetes Prow Robot
77e12aeca9
Merge pull request #126207 from thockin/ingress-backend-port-atomic
...
Make ServiceBackendPort an atomic struct
2024-07-18 19:24:26 -07:00
Kubernetes Prow Robot
7f2c167b9c
Merge pull request #126203 from danwinship/kube-proxy-bad-ips
...
validate that kube-proxy handles "bad" IPs/CIDRs correctly
2024-07-18 19:24:18 -07:00
Kubernetes Prow Robot
25935965c5
Merge pull request #125782 from aborrero/master
...
procMount: fix default value documentation
2024-07-18 19:24:11 -07:00
Kubernetes Prow Robot
27fa59a8af
Merge pull request #125656 from gyuho/recent-stats-check-error-for-error-level-logging
...
feat(kubelet/stats): match cadvisor error to lower not found stats log level
2024-07-18 19:24:01 -07:00
Kubernetes Prow Robot
f2428d66cc
Merge pull request #125163 from pohly/dra-kubelet-api-version-independent-no-rest-proxy
...
DRA: make kubelet independent of the resource.k8s.io API version
2024-07-18 17:47:48 -07:00
Kubernetes Prow Robot
5fc7032a0e
Merge pull request #126156 from pohly/kubelet-test-enhancements
...
kubelet test enhancements
2024-07-18 14:50:54 -07:00
Kubernetes Prow Robot
fa7fcde5a4
Merge pull request #125813 from aojea/node_csr_ips
...
Node Request Certificates require to have IPs
2024-07-18 14:50:48 -07:00
Patrick Ohly
a7396fdd3f
kubelet: grant permission for DeleteCollection also with RBAC
...
If the node authorizer is active, RBAC rules are not needed. But if it's
disabled, kubelet needs to get permission through RBAC. In contrast to the
authorizer code which is a bit more flexible and isn't directly tied to the
current kubelet implementation (i.e. it allows list+delete instead of just
deletecollection), the RBAC entry is just for what the current kubelet does
because it's a bit easier to change.
2024-07-18 23:30:09 +02:00
Patrick Ohly
7701a48bd6
dra kubelet: bump gRPC API to v1alpha4
...
The previous changes are an API break, therefore we need a new version.
2024-07-18 23:30:09 +02:00
Patrick Ohly
ee3205804b
dra e2e: demonstrate how to use RBAC + VAP for a kubelet plugin
...
In reality, the kubelet plugin of a DRA driver is meant to be deployed as a
daemonset with a service account that limits its
permissions. https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#additional-metadata-in-pod-bound-tokens
ensures that the node name is bound to the pod, which then can be used
in a validating admission policy (VAP) to ensure that the operations are
limited to the node.
In E2E testing, we emulate that via impersonation. This ensures that the plugin
does not accidentally depend on additional permissions.
2024-07-18 23:30:09 +02:00
Kubernetes Prow Robot
f82030111f
Merge pull request #126198 from aojea/flaku_lb
...
e2e: fix flake on loadbalancer tests
2024-07-18 13:41:45 -07:00
Kubernetes Prow Robot
d040043edb
Merge pull request #124736 from MikeSpreitzer/exempt-borrows-more
...
More assertive borrowing by exempt
2024-07-18 13:41:38 -07:00
Tim Hockin
7313990f61
Make ServiceBackendPort an atomic struct
...
This allows different actors to force ownership of it without having to
explicitly unset the other field.
2024-07-18 13:20:33 -07:00
Kubernetes Prow Robot
c4bd05df1c
Merge pull request #126181 from bitoku/refactor-kubeletseparatediskgc
...
[sig-testing] refactor KubeletSeparateDiskGC nodefeature
2024-07-18 10:39:25 -07:00
Kubernetes Prow Robot
595927da21
Merge pull request #125660 from saschagrunert/oci-volumesource-api
...
[KEP-4639] Add `ImageVolumeSource` API
2024-07-18 10:39:15 -07:00
Kubernetes Prow Robot
601eb7e9cf
Merge pull request #122922 from marosset/windows-memory-eviction
...
Add support for Windows memory-pressure eviction
2024-07-18 10:39:06 -07:00
Kubernetes Prow Robot
3adafc6a50
Merge pull request #126194 from mimowo/job-e2e-tests-cleanup
...
Format helper scripts in Job e2e tests as multiline for readability
2024-07-18 09:33:39 -07:00
Kubernetes Prow Robot
73198f893c
Merge pull request #124859 from morlay/master
...
Remove json:",omitempty" where json:",inline" specified.
2024-07-18 09:33:33 -07:00
Sascha Grunert
f7ca3131e0
Add ImageVolumeSource API
...
Adding the required Kubernetes API so that the kubelet can start using
it. This patch also adds the corresponding alpha feature gate as
outlined in KEP 4639.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2024-07-18 17:25:54 +02:00
Dan Winship
30bc1b59d7
Add unit tests to validate "bad IP/CIDR" handling in kube-proxy
...
Also, fix the handling of bad EndpointSlice IPs!
2024-07-18 10:55:13 -04:00
Dan Winship
f762e5c8de
Remove an unnecessary comment in nftables output
...
(It's redundant with the chain name.)
2024-07-18 10:54:30 -04:00
Dan Winship
11f55eae96
Reduce some duplication in nftables unit tests
2024-07-18 10:53:36 -04:00
Kubernetes Prow Robot
dda657b598
Merge pull request #126191 from p0lyn0mial/upstream-revert-promote-watch-list-to-beta
...
Revert "Promote WatchList feature to Beta"
2024-07-18 07:39:28 -07:00
Kubernetes Prow Robot
eb58e5e002
Merge pull request #125976 from vrutkovs/apf-typemeta-print-type
...
flowcontrol: print object type when bootstrapping flowschemas
2024-07-18 07:39:19 -07:00
Antonio Ojea
fdbe6912d2
e2e: fix flake on loadbalancer tests
...
validating that one endpoint is reachable from one part of the cluster
is not enough condition to consider it will be reachable from any node,
as different Services proxies on different nodes will have different
propagation delays for the EndpointSlices and Services information.
2024-07-18 12:54:54 +00:00
Kubernetes Prow Robot
7693a7e71a
Merge pull request #126190 from mimowo/job-controller-cleanup
...
Cleanup Job controller isPodFailed function
2024-07-18 02:44:53 -07:00
Antonio Ojea
bc63c412b9
kubelet request certificates if at least one IP exist
...
A Kubernetes Node requires to have at minimum one IP address
because those are used on the Pods field HostIPs and in some cases,
when pods use hostNetwork: true, as PodIPs.
Nodes that use IP addresses as Hostname are interpreted as an IP
address, so it is possible that there are nodes that don't have any DNSname.
The feature gate AllowDNSOnlyNodeCSR will allow user to opt-in for
the old behavior.
Change-Id: I094531d87246f1e7a5ef4fe57bd5d9840cb1375d
2024-07-18 09:44:48 +00:00
Kubernetes Prow Robot
a491ea7af4
Merge pull request #126092 from pacoxu/fix-node-lease
...
fix node lease e2e flakes
2024-07-18 02:44:43 -07:00
Kensei Nakada
9ff3227b15
add: implement event_handling_duration_seconds metric
2024-07-18 18:16:57 +09:00
Michal Wozniak
2d680054c1
Format helper scripts in Job e2e tests as multiline for readability
2024-07-18 11:05:36 +02:00
Ayato Tokubi
662ed5a42d
refactor nodefeature
...
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2024-07-18 08:45:52 +00:00
Kubernetes Prow Robot
24fbb13eaf
Merge pull request #126113 from googs1025/enqueueExtensions_refactor
...
scheduler: Add ctx param and error return to EnqueueExtensions.EventsToRegister()
2024-07-18 00:53:25 -07:00
Kubernetes Prow Robot
9196650533
Merge pull request #123819 from fakecore/fc/master
...
fix: handle socket file detection on Windows
2024-07-18 00:53:16 -07:00
Lukasz Szaszkiewicz
2f5394567e
Revert "kube-controller-manager: enable WatchListClient"
...
This reverts commit 825091693d.
2024-07-18 09:29:53 +02:00
Lukasz Szaszkiewicz
367401cd85
Revert "e2e/apimachinery/watchlist: always run WatchList e2e tests"
...
This reverts commit be00cded2d.
2024-07-18 09:29:46 +02:00
Lukasz Szaszkiewicz
88f47b4b4d
Revert "kube-apiserver: promote WatchList feature to beta"
...
This reverts commit 0b15903b35.
2024-07-18 09:29:24 +02:00