github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity
80,894 Commits 42 Branches 7,905 Tags 1.3 GiB
aa84028119
Commit Graph

80894 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Eads
aa84028119 add protection for reserved API groups 2019-07-24 07:41:30 -04:00
Kubernetes Prow Robot
55807b71ad
Merge pull request #80433 from zgfh/add_kube_config_doc_link 
add link of kubeadm config doc
 2019-07-23 04:32:56 -07:00
Kubernetes Prow Robot
3ea28073a4
Merge pull request #80375 from wongma7/framework-csidriver 
Add CSIDriver creation factory to e2e framework
 2019-07-23 01:28:54 -07:00
Kubernetes Prow Robot
7dc5d1f064
Merge pull request #80377 from davidz627/fix/testAMDefault 
Change default PVC AccessModes to RWO in test framework
 2019-07-22 23:52:55 -07:00
Kubernetes Prow Robot
5381bf5800
Merge pull request #79553 from ahmedtd/binauthz 
GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook
 2019-07-22 22:22:53 -07:00
Kubernetes Prow Robot
f101466d2e
Merge pull request #77553 from s-urbaniak/fix-76956 
pkg/util/workqueue/prometheus: fix double registration
 2019-07-22 19:10:53 -07:00
Kubernetes Prow Robot
08f9f2b58a
Merge pull request #80436 from M00nF1sh/master 
Refactors to kubectl CP command
 2019-07-22 16:49:06 -07:00
Kubernetes Prow Robot
f31d786927
Merge pull request #78477 from YoubingLi/filter 
Fixes 78001 The implementation of Filter extension for the new framework
 2019-07-22 16:48:53 -07:00
Taahir Ahmed
9702c6e6e9 GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook 
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.

To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.

If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.

Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:

  * `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
    downloaded during the installation step.  A prerequisite for
    actually using the plugin.

  * `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
    configuration values used when calling the plugin.  `TOKEN_URL`
    and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
    new variable that is meant to sidestep the problem of inverting
    `strconv.Quote` in Bash.

The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.

  * It originally placed the ImagePolicyWebhook configuration object
    at the top-level of the file specified by
    `--admission-control-config-file`.  I can't see why this worked;
    it must have been hitting some sort of lucky path through the
    various config file loading mechanisms.  Now, it places its
    configuration in a sub-field of that file, which is shared among
    all admission control plugins.

  * It mounted its various config files read-write.  I reviewed the
    code and couldn't see why it was necessary, so I moved the config
    files into the existing read-only mount at `/etc/srv/kubernetes`.

  * It now checks that all the configuration values it requires have
    been provided.

Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
 2019-07-22 16:01:37 -07:00
Kubernetes Prow Robot
150448e163
Merge pull request #80341 from chenchun/fix-bind-unreserve 
Calling Unreserve plugin before recordSchedulingFailure in case of bi…
 2019-07-22 15:14:53 -07:00
Kubernetes Prow Robot
04c9bd9bfa
Merge pull request #80176 from liyanhui1228/cpuusage 
Add CPU usage nano cores for windows nodes
 2019-07-22 13:52:53 -07:00
Tim Allclair
9ba6fe8810 refactors to kubernetes cp command 2019-07-22 13:25:13 -07:00
Angela Li
8851a42655 gofmt 2019-07-22 10:56:28 -07:00
Angela Li
e6e8615db3 address comments 2019-07-22 10:53:15 -07:00
Kubernetes Prow Robot
0d2b85878d
Merge pull request #80402 from mjudeikis/generic.retry 
make client-go/util/retry more generic
 2019-07-22 10:52:53 -07:00
M00nF1sh
bad1802892 refactors to kubernetes CP command 2019-07-22 10:33:19 -07:00
Matthew Wong
5060704a76 Add CSIDriver creation factory to e2e framework 2019-07-22 10:20:02 -07:00
alan
ca8d5759ff
add link of kubeadm config doc 2019-07-22 22:44:30 +08:00
Kubernetes Prow Robot
7e6b70fbb5
Merge pull request #59416 from verb/debug-api 
Add Ephemeral Containers to the Kubernetes core API
 2019-07-22 07:14:53 -07:00
Lee Verberne
4a753c7a44 Generated code for ephemeral containers API 2019-07-22 11:19:22 +00:00
Lee Verberne
013f049ce0 Add Ephemeral Containers to the Kubernetes core API 2019-07-22 11:19:22 +00:00
Lee Verberne
c7ffc1cd8c Rename DebugContainers feature to EphemeralContainers 2019-07-22 11:00:13 +00:00
Kubernetes Prow Robot
1cb3b5807e
Merge pull request #80418 from cwdsuzhou/July/fix_csi_attacher_ut 
Fix csi attacher unit tests using t.Run()
 2019-07-22 03:20:54 -07:00
caiweidong
8789143062 Fix csi attacher unit tests using t.Run() 2019-07-22 15:42:31 +08:00
Mangirdas
2a0856a4d8 make util/retry more generic 2019-07-21 19:20:33 +01:00
Kubernetes Prow Robot
c2a4369ba4
Merge pull request #80380 from lavalamp/bump-smd 
Bump smd
 2019-07-21 01:56:53 -07:00
Kubernetes Prow Robot
17997ab716
Merge pull request #79897 from hantaowang/bulk-verify-gce-disks 
add ability for gce to bulk verify attached disks
 2019-07-21 00:14:53 -07:00
Kubernetes Prow Robot
2e6eea5517
Merge pull request #80276 from tallclair/apparmor-upgrade 
Don't expect pod to stay up during node upgrade
 2019-07-20 05:56:54 -07:00
Kubernetes Prow Robot
cfabadb0eb
Merge pull request #80296 from bart0sh/PR0072-remove-util-procfs-dependency 
kubeadm: remove dependency on pkg/util/procfs
 2019-07-20 00:40:54 -07:00
Kubernetes Prow Robot
febc95282a
Merge pull request #80331 from wongma7/framework-panic 
Surface error returned by LoadConfig
 2019-07-19 21:24:54 -07:00
Kubernetes Prow Robot
323356fda0
Merge pull request #77327 from Huang-Wei/eps-api 
Even Pods Spread - 1. API changes
 2019-07-19 20:02:55 -07:00
Kubernetes Prow Robot
664edf8327
Merge pull request #79408 from seans3/move-kubectl-scheme 
Move kubectl scheme
 2019-07-19 16:08:55 -07:00
Daniel Smith
3c81a9a1c9 bump smd 2019-07-19 15:34:30 -07:00
Daniel Smith
f55efb8dae fix breaking change 2019-07-19 15:25:56 -07:00
Kubernetes Prow Robot
3c332a9487
Merge pull request #80125 from sttts/sttts-bazel-openapi-fix 
bazel: add openapi generation for non-main spec and fix main spec
 2019-07-19 14:25:50 -07:00
Kubernetes Prow Robot
65fc256cc3
Merge pull request #80024 from RainbowMango/pr_fix_issue_79997_kubeadm_fall_back 
kubeadm should always fall back to client version when there is any internet issue
 2019-07-19 14:25:37 -07:00
Kubernetes Prow Robot
65b094676f
Merge pull request #78350 from globervinodhn/hostip_hostport_promote 
Promote existing E2Es for hostport/HostIP resolution to conformance
 2019-07-19 14:25:24 -07:00
Kubernetes Prow Robot
b1bea169f5
Merge pull request #78000 from mkimuram/issue/77999 
Move volume_expand tests to storage e2e testsuites
 2019-07-19 14:25:11 -07:00
David Zhu
37aed97d62 Change default PVC AccessModes to RWO in test framework 2019-07-19 13:37:06 -07:00
Kubernetes Prow Robot
ab3bf7237d
Merge pull request #79565 from tedyu/runtime-cls 
Return the error from validateOverhead in RuntimeClass#Validate
 2019-07-19 12:37:24 -07:00
Kubernetes Prow Robot
de9fb9c61c
Merge pull request #75632 from globervinodhn/correct_testname_backofflimit 
Correct test name for existing E2E related to backofflimit in jobs
 2019-07-19 12:37:11 -07:00
Hantao (Will) Wang
7ee5861fb9 add ability for gce to bulk verify attached disks 2019-07-19 10:41:46 -07:00
Ed Bartosh
2adb09f0e1 kubeadm: remove dependency on pkg/util/procfs 
Run pidof utility to determine if systemd-resolved is running
instead of calling procfs.PidOf.
 2019-07-19 19:09:53 +03:00
Kubernetes Prow Robot
0fbfa755d3
Merge pull request #80362 from wojtek-t/cleanup_versioning_serializer 
Cleanup versioning serializer
 2019-07-19 07:09:11 -07:00
wojtekt
c2140d7ce1 Cleanup versioning serializer 2019-07-19 14:39:26 +02:00
Kubernetes Prow Robot
b22cbcab75
Merge pull request #80327 from bparees/params 
fix parameterization of test error message
 2019-07-19 03:27:12 -07:00
Kubernetes Prow Robot
15ade86935
Merge pull request #79921 from s-ito-ts/remove_unnecessary_check 
e2e test: Remove unnecessary return value check
 2019-07-19 00:19:11 -07:00
RainbowMango
a4ca944d53 kubeadm should always fall back to client version when there is any internet issue 2019-07-19 15:13:47 +08:00
Kubernetes Prow Robot
c45b77541b
Merge pull request #80329 from BenTheElder/less-sudo 
remove sudo from storage tests
 2019-07-18 22:55:11 -07:00
Kubernetes Prow Robot
eeb15a57fc
Merge pull request #80180 from hantaowang/get-multiple-instances-by-name 
add new function to return partial list of found instances
 2019-07-18 21:33:36 -07:00