For manifest lists containing Windows images, it is important to also have the "os.version"
annotation set, as it is needed by the Windows nodes, so they can pull the appropriate image
from the list.
Previously, the docker manifest CLI did not have the capability to set it, so, we had to set
it outselves in the manifest list's image JSON file. This is no longer necessary since
docker 20.10.0, which includes docker manifest annotate --os-version.
The docker installed in the image gcr.io/k8s-testimages/gcb-docker-gcloud:v20210622-762366a
satisfies this version requirement.
This change updates the backdating logic to only be applied to the
NotBefore date and not the NotAfter date when the certificate is
short lived. Thus when such a certificate is issued, it will not be
immediately expired. Long lived certificates continue to have the
same lifetime as before.
Consolidated all certificate lifetime logic into the
PermissiveSigningPolicy.policy method.
Signed-off-by: Monis Khan <mok@vmware.com>
When API Priority and Fairness is enabled, the inflight limits must
add up to something positive.
This rejects the configuration that prompted
https://github.com/kubernetes/kubernetes/issues/102885
Update help for max inflight flags
If the user has not specified a pull policy we must assume a default of
v1.PullIfNotPresent.
Add some extra verbose output to help users monitor what policy is
used and what images are skipped / pulled.
Use "fallthrough" and case handle "v1.PullAlways".
Update unit test.
kubernetes#60525 introduced
Balanced attached node volumes feature gate to include volume
count for prioritizing nodes. The reason for introducing this
flag was its usefulness in Red Hat OpenShift Online environment
which is not being used any more. So, removing the flag
as it helps in maintainability of the scheduler code base
as mentioned at kubernetes#101489 (comment)
heketi that is dependency for glusterfs was updated to import a fork of jwt-go that fixes
a high severity CVE-2020-26160 by importing a forked repo (form3tech-oss/jwt-go) that fixes
the CVE as the original repo (dgrijalva/jwt-go) has a fix with breaking changes and
the repo is generally loosely maintained.
This fork is already being used in other places in kubernetes. Heketi 10.3.0 includes this fix.
NOTE: The vulnerable function is not used by heketi or kubernetes. So the vulnerable package is a
transitive dependency and this fix will reduce false postive CVE alerts on kubernetes
Bumped github.com/auth0/go-jwt-middleware to v1.0.0 which removes dgrijalva/jwt-go cleanly
Fixing test failures: pull-kubernetes-dependencies
Removing unused dependencies in replace block to fix test failures: pull-kubernetes-dependencies
Bump go-jwt-middleware to v1.0.1 to *not* pull in examples only deps
- verify memory manager data returned by `GetAllocatableResources`
- verify pod container memory manager data
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>