Stephen Augustus
c24dfe528a
cluster,hack: Use community infra GCS bucket for retrieving CI builds
...
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-07-03 17:04:54 -04:00
Kubernetes Prow Robot
5fe522c237
Merge pull request #101988 from vinayakankugoyal/kubeadm
...
Remove users and groups created as part of rootless control-plane in kubeadm.
2021-07-02 23:42:17 -07:00
Vinayak Goyal
1ae9b8f04d
Update kernel components to run as non-root in kubeadm.
2021-07-02 17:37:55 -07:00
Kubernetes Prow Robot
cbe3ef473e
Merge pull request #100412 from hanlins/lb-node-ports-beta
...
Lb node ports beta
2021-07-02 16:08:10 -07:00
Hanlin Shi
c96c809539
Add integration test for LB node port control
...
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
c8bc420245
Fix the beta release version.
...
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
79b6df96fc
Add tests for LB type service
...
1. create LB type svc with nodeport allocation set to false
1. create LB type svc with nodeport allocation unset
3. update LB type svc's nodeport allocation field
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
24592ca989
Update the related tests
...
1. add AllocateLoadBalancerNodePorts fields in specs for validation test cases
2. update fuzzer
3. in resource quota e2e, allocate node port for loadbalancer type service and
exceed the node port quota
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:41 +00:00
Kubernetes Prow Robot
57720afb7e
Merge pull request #103387 from SergeyKanzhelev/makeSureToSplitNPDHashesByArch
...
make sure to split NPD hashes by architecture when upgrading to 0.8.9
2021-07-02 13:38:46 -07:00
Kubernetes Prow Robot
d1833880a7
Merge pull request #103083 from vivian-xu/use-native-errors
...
Update github.com/pkg/errors with go native errors pkg
2021-07-02 13:38:38 -07:00
Kubernetes Prow Robot
c246b03d74
Merge pull request #101074 from verb/1.22-kubectl-target-warning
...
Warn user for runtime support of debug targeting
2021-07-02 13:38:26 -07:00
Andrew Sy Kim
05c6eaf0d1
promote ServiceLBNodePortControl to beta
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2021-07-02 20:09:14 +00:00
Kubernetes Prow Robot
0bb6d1431c
Merge pull request #103371 from claudiubelu/tests/windows-flakyness
...
windows tests: Wait for the network connectivity first
2021-07-02 12:30:22 -07:00
Kubernetes Prow Robot
a331cf74b7
Merge pull request #102050 from pohly/fix/deflake-metrics-proxy
...
remove metrics proxy
2021-07-02 12:30:10 -07:00
Kubernetes Prow Robot
ba008d6131
Merge pull request #103379 from thockin/rest-hooks-use-by-svc-prep
...
A collection of Service REST cleanups
2021-07-02 09:32:13 -07:00
Kubernetes Prow Robot
1345a802de
Merge pull request #103187 from Haleygo/fix-dry-run-when-using-externalCA
...
Kubeadm init --dry-run should work when using an external ca
2021-07-02 07:58:25 -07:00
Kubernetes Prow Robot
ce3bf862ee
Merge pull request #102964 from neolit123/1.22-decouple-bootstraptoken-api
...
kubeadm: decouple the bootstraptoken API from the kubeadm API
2021-07-02 07:58:13 -07:00
Kubernetes Prow Robot
93119f4503
Merge pull request #103432 from p0lyn0mial/lifecycle_events
...
simply renames terminationSignals to lifecycleSignals
2021-07-02 05:44:13 -07:00
Lee Verberne
968185e1f7
Warn user for runtime support of debug targeting
...
Add a warning message to `kubectl debug` when using the `--target`
option as many runtimes don't support it yet.
2021-07-02 14:23:00 +02:00
Haleygo
6d6d200c3a
dry-run can work when using an external ca
2021-07-02 18:53:51 +08:00
Lukasz Szaszkiewicz
6c88a62cb4
remove logging from the Signal method
2021-07-02 12:50:20 +02:00
Lukasz Szaszkiewicz
dae08bc3a7
rename terminationSignals to lifecycleSignals
2021-07-02 12:40:58 +02:00
Patrick Ohly
c91496dda0
cluster: enable debug handlers on GCE master nodes
...
This is needed for testing metrics support via the secure port
of kube-scheduler and kube-controller-manager. To access that
port, port-forwarding is used.
2021-07-02 10:38:49 +02:00
Kubernetes Prow Robot
defcc916ed
Merge pull request #103382 from liggitt/podsecurity-hostprocess
...
[PodSecurity] hostProcess baseline check
2021-07-02 01:16:24 -07:00
Kubernetes Prow Robot
3e0432c3e1
Merge pull request #102168 from adisky/credential-provider-1
...
Improve concurrency and cache for kubelet credential provider
2021-07-02 01:16:12 -07:00
Tim Hockin
2b84b49ea9
Service REST test: Remove pointless cleanup
2021-07-01 23:24:29 -07:00
Tim Hockin
ca708fa9ac
Service REST test: Fix some names
2021-07-01 23:24:24 -07:00
Kubernetes Prow Robot
659c7e709f
Merge pull request #99494 from enj/enj/i/not_after_ttl_hint
...
csr: add expirationSeconds field to control cert lifetime
2021-07-01 23:02:12 -07:00
Tim Hockin
54b6a416fb
Service REST test: better IP and port alloc checks
2021-07-01 23:01:36 -07:00
Monis Khan
8d49502fcd
csr: update e2e conformance test with expirationSeconds usage
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:16 -04:00
Monis Khan
29b3fa7826
Generated
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:16 -04:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
...
This change updates the CSR API to add a new, optional field called
expirationSeconds. This field is a request to the signer for the
maximum duration the client wishes the cert to have. The signer is
free to ignore this request based on its own internal policy. The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration. The minimum allowed
value for this field is 600 seconds (ten minutes).
This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.
Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
2627808e93
Merge pull request #103378 from n4j/feature/podSecurityApparmor_v2
...
[PodSecurity] baseline - apparmor
2021-07-01 19:20:24 -07:00
Kubernetes Prow Robot
df95052de3
Merge pull request #103218 from dashpole/otel_clientgo
...
Add tracing to apiserver client-go requests
2021-07-01 19:20:12 -07:00
Tim Hockin
43b13840db
Service REST test: remove obscure const
2021-07-01 18:26:46 -07:00
Tim Hockin
44eb475b10
Service REST test: remove unused return value
2021-07-01 18:26:45 -07:00
Tim Hockin
d6208606f3
Service REST test: remove pointless scaffolding
2021-07-01 18:26:45 -07:00
Tim Hockin
48e591eba2
Service REST test: remove obsolete setup param
2021-07-01 18:26:45 -07:00
Tim Hockin
a3b05033f6
Move endpoints test-helper funcs to a package
2021-07-01 18:26:45 -07:00
Tim Hockin
012bfaf98d
Service REST test: remove last use of "inner"
...
This required making a more hi-fidelity fake. That, in turn, required
fixing some tests which were just not correct.
2021-07-01 18:26:45 -07:00
Tim Hockin
22ed090e73
Service REST test: mostly remove tests of "inner"
...
This test was sometimes using the "inner" REST and sometimes using the
"outer" REST. This commit changes all but one test to use the outer.
The remaining test needs rework.
2021-07-01 18:26:45 -07:00
Tim Hockin
7e8882d189
Service REST test: Remove pointless scaffolding
...
These fields don't add much value in actually proving it all works, and
they make the upcoming de-layering hard.
2021-07-01 18:26:45 -07:00
Tim Hockin
175f4f3387
Move service test-helper funcs to a package
2021-07-01 18:26:45 -07:00
Tim Hockin
b1fcbab801
Service REST test: helper funcs for ports, too
2021-07-01 18:26:45 -07:00
Tim Hockin
5f65ba7d76
Service REST test: Use helper funcs to streamline
...
This makes subsequent changes easier to see.
2021-07-01 18:26:44 -07:00
Tim Hockin
d64bb1b29e
Service REST test: always check errors
...
This will be needed in upcoming changes.
2021-07-01 18:26:44 -07:00
Tim Hockin
d3a0332b6c
Service REST test: remove unused fields
...
These fields are never set, so we can remove them with no change in
behavior.
2021-07-01 18:26:44 -07:00
Tim Hockin
292b1444eb
Remove bad test for AllocateLoadBalancerNodePorts
...
If the gate is open, we should never find nil.
2021-07-01 18:26:44 -07:00
Tim Hockin
0bb280044e
Fix typo in IP allocator error
2021-07-01 18:26:44 -07:00
Tim Hockin
5970c4671c
Add an IPFamily() method to ipallocator
2021-07-01 18:26:44 -07:00