cpanato
b0c7956a86
Bump distroless-iptables to v0.4.1
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2023-10-13 11:00:04 +02:00
Kubernetes Prow Robot
b40f1c00e2
Merge pull request #121203 from enj/enj/i/h2_dos_flake
...
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
2023-10-13 05:03:05 +02:00
Kubernetes Prow Robot
a7f8c2f787
Merge pull request #118846 from cyclinder/net.ipv4.tcp_keepalive_time
...
Mark net.ipv4.tcp_keepalive_time as a safe sysctl
2023-10-13 05:02:51 +02:00
Kubernetes Prow Robot
0d63366bdf
Merge pull request #121195 from borg-land/rundir-ignore
...
Add rundir folder to gitignore
2023-10-13 03:52:34 +02:00
Kubernetes Prow Robot
4c8fca2f06
Merge pull request #112894 from pohly/e2e-framework-test-labels
...
e2e framework: test labels
2023-10-13 02:40:43 +02:00
Monis Khan
cd5db9b7f2
Skip TestUnauthenticatedHTTP2ClientConnectionClose http1 tests
...
These occasionally flake on CI:
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/121200/pull-kubernetes-unit-go-compatibility/1712589824344461312
=== Failed
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
authentication_test.go:653: expect TCP connection: 1, actual: 2
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true/http/1.1 (0.19s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
--- FAIL: TestUnauthenticatedHTTP2ClientConnectionClose/other_skip=true (0.23s)
=== FAIL: vendor/k8s.io/apiserver/pkg/endpoints/filters TestUnauthenticatedHTTP2ClientConnectionClose (2.30s)
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-10-12 19:13:07 -04:00
Kubernetes Prow Robot
cb713c15e9
Merge pull request #121120 from enj/enj/i/h2_dos
...
Prevent rapid reset http2 DOS on API server
2023-10-13 00:05:46 +02:00
upodroid
80e378181e
add rundir folder to gitignore
2023-10-12 21:54:59 +01:00
Monis Khan
800a8eaba7
Prevent rapid reset http2 DOS on API server
...
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
That change is not sufficient to adequately protect against a
motivated client - future changes to Kube and/or golang.org/x/net
will be explored to address this gap.
The Kube API server now uses a max stream of 100 instead of 250
(this matches the Go http2 client default). This lowers the abuse
limit from 1000 to 400.
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-10-12 16:54:07 -04:00
Kubernetes Prow Robot
2b4ef19578
Merge pull request #121191 from dims/update-busybox-sha-based-image-to-match-tag-1.36-1-1
...
Update busybox SHA based image to match tag - 1.36.1-1
2023-10-12 22:49:43 +02:00
Kubernetes Prow Robot
1cc9479720
Merge pull request #121189 from nilekhc/validation-doc
...
[KMSv2] chore: updates api doc
2023-10-12 22:49:35 +02:00
Kubernetes Prow Robot
e93e8eac0e
Merge pull request #120735 from Jefftree/request-body
...
Bump kube-openapi with v3 marshal and requestBody required marking
2023-10-12 22:49:25 +02:00
Kubernetes Prow Robot
8923c3c871
Merge pull request #119659 from kannon92/beta-pod-ready-to-start
...
[KEP-3085] Promote PodReadyToStartContainers to beta in 1.29
2023-10-12 22:49:16 +02:00
Kubernetes Prow Robot
32ea66d524
Merge pull request #121159 from siyuanfoundation/getCurrentState
...
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
2023-10-12 21:45:00 +02:00
Kubernetes Prow Robot
df6cbc4956
Merge pull request #119877 from dejanzele/cleanup-validate-selector
...
cleanup: extract generateSelector from Validate method in job strategy
2023-10-12 21:44:46 +02:00
Davanum Srinivas
968d6b8a32
Update busybox SHA based image to match tag - 1.36.1-1
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-10-12 14:17:36 -04:00
Kubernetes Prow Robot
d4a6a674de
Merge pull request #120976 from tengqm/fix-audit-apidoc
...
Fix API docs for audit APIs
2023-10-12 20:00:58 +02:00
Nilekh Chaudhari
78ffa882be
chore: updates api doc
...
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2023-10-12 16:56:39 +00:00
Kubernetes Prow Robot
3bd4c1cf20
Merge pull request #120892 from ii/create-pv-pvc-status-test
...
Write e2e test for PersistentVolumeStatus & PersistentVolumeClaimStatus Endpoints +6 Endpoints
2023-10-12 18:50:33 +02:00
Kubernetes Prow Robot
5faebe11b4
Merge pull request #120562 from ArkaSaha30/govulncheck-script
...
Add govulncheck script to expose go vulnerabilities
2023-10-12 18:50:19 +02:00
Dejan Pejchev
de5dcdc79b
cleanup: fix missing manual selectors in strategy test
2023-10-12 17:35:11 +02:00
Dejan Pejchev
761cb18a68
cleanup: refactor job strategy tests; add test for generating selectors in PrepareForCreate test
2023-10-12 17:32:35 +02:00
Dejan Pejchev
b9b436a018
cleanup: extract generateSelector from Validate method in job strategy
2023-10-12 17:32:32 +02:00
Kevin Hannon
c94240e2e2
move kubelet constant for podreadytostart to staging
2023-10-12 11:18:11 -04:00
Kubernetes Prow Robot
bae6911b11
Merge pull request #121142 from aleksandra-malinowska/sts-concurrent-write-fix
...
Fix concurrent map writes on missing PVC creation in StatefulSet controller
2023-10-12 17:11:19 +02:00
Kubernetes Prow Robot
801932c012
Merge pull request #120825 from pacoxu/kubeadm-skew-match
...
kubeadm: adjust kubeadm skew policy for upgrades
2023-10-12 16:00:02 +02:00
Kubernetes Prow Robot
38a1ec75f0
Merge pull request #119882 from ffromani/podres-client-wait
...
podresources: e2e: force eager connection
2023-10-12 15:59:55 +02:00
Kubernetes Prow Robot
da12d7ac8a
Merge pull request #121175 from dims/switch-to-newer-cos-gpu-installer-v2.1.9
...
Switch to newer cos-gpu-installer - v2.1.9
2023-10-12 14:09:22 +02:00
Davanum Srinivas
de01788dea
Switch to newer cos-gpu-installer - v2.1.9
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-10-12 06:59:39 -04:00
Kubernetes Prow Robot
963178207a
Merge pull request #121172 from SataQiu/clean-kubeadm-20231012
...
kubeadm: remove AlphaDisclaimer for certs phases
2023-10-12 10:25:25 +02:00
SataQiu
adae1e33ea
kubeadm: remove AlphaDisclaimer for certs phases
2023-10-12 15:11:12 +08:00
Kubernetes Prow Robot
3d1ac86013
Merge pull request #121170 from dims/switch-to-newer-cos-gpu-installer-v2.1.7
...
Switch to newer cos-gpu-installer - v2.1.9
2023-10-12 08:08:59 +02:00
Kubernetes Prow Robot
a2cc9db02f
Merge pull request #119665 from vinaykul/getpodqos-optimization
...
Perf optimization: GetPodQOS() returns persisted value of PodStatus.QOSClass, if set.
2023-10-12 06:48:26 +02:00
Paco Xu
7b1d87383e
add kubelet policy skew test for kubeadm
2023-10-12 11:17:05 +08:00
Davanum Srinivas
5ad5ef1d0f
Switch to newer cos-gpu-installer - v2.1.7
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-10-11 23:15:51 -04:00
Kubernetes Prow Robot
6bc2f2ec22
Merge pull request #118729 from danwinship/endpoint-naming
...
Fix endpoint-related names to use consistent singular/plural
2023-10-12 05:13:38 +02:00
Kubernetes Prow Robot
f9d987c7c8
Merge pull request #121106 from aojea/ipaddress_uid
...
Remove Ipaddress uid
2023-10-12 03:26:45 +02:00
Kubernetes Prow Robot
b47aa1c20e
Merge pull request #120808 from aroradaman/proxy-conntrack-udp-timeouts
...
Adding option to configure UDP timeouts for conntrack
2023-10-12 01:59:55 +02:00
Kubernetes Prow Robot
9cf1910b38
Merge pull request #121116 from alexanderConstantinescu/reintroduce-ready-predicate-foretp-local
...
KCCM: fix GCP ILB by reintroducing readiness predicate for eTP:Local
2023-10-12 00:51:19 +02:00
Kubernetes Prow Robot
5027809be8
Merge pull request #119479 from HirazawaUi/implement-secrets-empty-value-test
...
implement secret empty string value integration test
2023-10-12 00:51:13 +02:00
Daman Arora
15ae6cc160
pkg/proxy: add flag to configure udp conntrack timeouts
...
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-10-12 03:08:21 +05:30
Kubernetes Prow Robot
07029999f9
Merge pull request #120666 from b8kings0ga/feature/fix-comment-correction
...
AttachDetachControllerConfiguration.ReconcilerSyncLoopPeriod default value comment fix
2023-10-11 22:51:49 +02:00
Dejan Zele Pejchev
921c0d0180
cleanup: add defaulting for job manual selector (#120206)
...
* cleanup: add defaulting for job manual selector
* cleanup: add assert in job defaults test for manual selector
* cleanup: fix failing job storage test
* cleanup: fix batch fuzzer to handle manual selector default
* cleanup: fix lint issue on checking bool condition in job strategy
* cleanup: remove TODO in generateSelectors in job strategy Validate; inline job manual selector assignment in fuzzer
2023-10-11 22:51:40 +02:00
Kubernetes Release Robot
c83e73ba57
CHANGELOG: Update directory for v1.29.0-alpha.2 release
2023-10-11 19:16:59 +00:00
Kubernetes Prow Robot
0318c61c43
Merge pull request #121130 from sanposhiho/patch-7
...
Fix: update KEP which the QueueingHint's feature gate refers to
2023-10-11 20:29:43 +02:00
Kubernetes Prow Robot
dc1cde6e02
Merge pull request #121044 from charles-chenzz/e2e_pod_readytostart_false
...
[KEP-3085]: check PodReadyToStartContainers condition after gracefulshutdown
2023-10-11 20:29:32 +02:00
Siyuan Zhang
ebca5d438d
k8s.io/apiserver/storage/etcd: refactor getCurrentState.
...
Extract getCurrentState as a separate method that can be reused.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
2023-10-11 09:56:07 -07:00
Kubernetes Prow Robot
338c3a0fc7
Merge pull request #121149 from cpanato/update-go-1213
...
[go] Bump images, dependencies and versions to go 1.21.3
2023-10-11 18:21:58 +02:00
Jefftree
555c1b8091
bump kube-openapi
2023-10-11 11:12:47 -04:00
Jefftree
83760ae56c
update openapi with required requestBody
2023-10-11 11:11:51 -04:00