Commit Graph

102041 Commits

Author SHA1 Message Date
Stephen Augustus
c24dfe528a
cluster,hack: Use community infra GCS bucket for retrieving CI builds
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-07-03 17:04:54 -04:00
Kubernetes Prow Robot
5fe522c237
Merge pull request #101988 from vinayakankugoyal/kubeadm
Remove users and groups created as part of rootless control-plane in kubeadm.
2021-07-02 23:42:17 -07:00
Vinayak Goyal
1ae9b8f04d Update kernel components to run as non-root in kubeadm. 2021-07-02 17:37:55 -07:00
Kubernetes Prow Robot
cbe3ef473e
Merge pull request #100412 from hanlins/lb-node-ports-beta
Lb node ports beta
2021-07-02 16:08:10 -07:00
Hanlin Shi
c96c809539 Add integration test for LB node port control
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
c8bc420245 Fix the beta release version.
Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
79b6df96fc Add tests for LB type service
1. create LB type svc with nodeport allocation set to false
1. create LB type svc with nodeport allocation unset
3. update LB type svc's nodeport allocation field

Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:49 +00:00
Hanlin Shi
24592ca989 Update the related tests
1. add AllocateLoadBalancerNodePorts fields in specs for validation test cases
2. update fuzzer
3. in resource quota e2e, allocate node port for loadbalancer type service and
   exceed the node port quota

Signed-off-by: Hanlin Shi <shihanlin9@gmail.com>
2021-07-02 21:58:41 +00:00
Kubernetes Prow Robot
57720afb7e
Merge pull request #103387 from SergeyKanzhelev/makeSureToSplitNPDHashesByArch
make sure to split NPD hashes by architecture when upgrading to 0.8.9
2021-07-02 13:38:46 -07:00
Kubernetes Prow Robot
d1833880a7
Merge pull request #103083 from vivian-xu/use-native-errors
Update github.com/pkg/errors with go native errors pkg
2021-07-02 13:38:38 -07:00
Kubernetes Prow Robot
c246b03d74
Merge pull request #101074 from verb/1.22-kubectl-target-warning
Warn user for runtime support of debug targeting
2021-07-02 13:38:26 -07:00
Andrew Sy Kim
05c6eaf0d1 promote ServiceLBNodePortControl to beta
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2021-07-02 20:09:14 +00:00
Kubernetes Prow Robot
0bb6d1431c
Merge pull request #103371 from claudiubelu/tests/windows-flakyness
windows tests: Wait for the network connectivity first
2021-07-02 12:30:22 -07:00
Kubernetes Prow Robot
a331cf74b7
Merge pull request #102050 from pohly/fix/deflake-metrics-proxy
remove metrics proxy
2021-07-02 12:30:10 -07:00
Kubernetes Prow Robot
ba008d6131
Merge pull request #103379 from thockin/rest-hooks-use-by-svc-prep
A collection of Service REST cleanups
2021-07-02 09:32:13 -07:00
Kubernetes Prow Robot
1345a802de
Merge pull request #103187 from Haleygo/fix-dry-run-when-using-externalCA
Kubeadm init --dry-run should work when using an external ca
2021-07-02 07:58:25 -07:00
Kubernetes Prow Robot
ce3bf862ee
Merge pull request #102964 from neolit123/1.22-decouple-bootstraptoken-api
kubeadm: decouple the bootstraptoken API from the kubeadm API
2021-07-02 07:58:13 -07:00
Kubernetes Prow Robot
93119f4503
Merge pull request #103432 from p0lyn0mial/lifecycle_events
simply renames terminationSignals to lifecycleSignals
2021-07-02 05:44:13 -07:00
Lee Verberne
968185e1f7 Warn user for runtime support of debug targeting
Add a warning message to `kubectl debug` when using the `--target`
option as many runtimes don't support it yet.
2021-07-02 14:23:00 +02:00
Haleygo
6d6d200c3a dry-run can work when using an external ca 2021-07-02 18:53:51 +08:00
Lukasz Szaszkiewicz
6c88a62cb4 remove logging from the Signal method 2021-07-02 12:50:20 +02:00
Lukasz Szaszkiewicz
dae08bc3a7 rename terminationSignals to lifecycleSignals 2021-07-02 12:40:58 +02:00
Patrick Ohly
c91496dda0 cluster: enable debug handlers on GCE master nodes
This is needed for testing metrics support via the secure port
of kube-scheduler and kube-controller-manager. To access that
port, port-forwarding is used.
2021-07-02 10:38:49 +02:00
Kubernetes Prow Robot
defcc916ed
Merge pull request #103382 from liggitt/podsecurity-hostprocess
[PodSecurity] hostProcess baseline check
2021-07-02 01:16:24 -07:00
Kubernetes Prow Robot
3e0432c3e1
Merge pull request #102168 from adisky/credential-provider-1
Improve concurrency and cache for kubelet credential provider
2021-07-02 01:16:12 -07:00
Tim Hockin
2b84b49ea9 Service REST test: Remove pointless cleanup 2021-07-01 23:24:29 -07:00
Tim Hockin
ca708fa9ac Service REST test: Fix some names 2021-07-01 23:24:24 -07:00
Kubernetes Prow Robot
659c7e709f
Merge pull request #99494 from enj/enj/i/not_after_ttl_hint
csr: add expirationSeconds field to control cert lifetime
2021-07-01 23:02:12 -07:00
Tim Hockin
54b6a416fb Service REST test: better IP and port alloc checks 2021-07-01 23:01:36 -07:00
Monis Khan
8d49502fcd
csr: update e2e conformance test with expirationSeconds usage
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:16 -04:00
Monis Khan
29b3fa7826
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:16 -04:00
Monis Khan
cd91e59f7c
csr: add expirationSeconds field to control cert lifetime
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
2627808e93
Merge pull request #103378 from n4j/feature/podSecurityApparmor_v2
[PodSecurity] baseline - apparmor
2021-07-01 19:20:24 -07:00
Kubernetes Prow Robot
df95052de3
Merge pull request #103218 from dashpole/otel_clientgo
Add tracing to apiserver client-go requests
2021-07-01 19:20:12 -07:00
Tim Hockin
43b13840db Service REST test: remove obscure const 2021-07-01 18:26:46 -07:00
Tim Hockin
44eb475b10 Service REST test: remove unused return value 2021-07-01 18:26:45 -07:00
Tim Hockin
d6208606f3 Service REST test: remove pointless scaffolding 2021-07-01 18:26:45 -07:00
Tim Hockin
48e591eba2 Service REST test: remove obsolete setup param 2021-07-01 18:26:45 -07:00
Tim Hockin
a3b05033f6 Move endpoints test-helper funcs to a package 2021-07-01 18:26:45 -07:00
Tim Hockin
012bfaf98d Service REST test: remove last use of "inner"
This required making a more hi-fidelity fake.  That, in turn, required
fixing some tests which were just not correct.
2021-07-01 18:26:45 -07:00
Tim Hockin
22ed090e73 Service REST test: mostly remove tests of "inner"
This test was sometimes using the "inner" REST and sometimes using the
"outer" REST.  This commit changes all but one test to use the outer.
The remaining test needs rework.
2021-07-01 18:26:45 -07:00
Tim Hockin
7e8882d189 Service REST test: Remove pointless scaffolding
These fields don't add much value in actually proving it all works, and
they make the upcoming de-layering hard.
2021-07-01 18:26:45 -07:00
Tim Hockin
175f4f3387 Move service test-helper funcs to a package 2021-07-01 18:26:45 -07:00
Tim Hockin
b1fcbab801 Service REST test: helper funcs for ports, too 2021-07-01 18:26:45 -07:00
Tim Hockin
5f65ba7d76 Service REST test: Use helper funcs to streamline
This makes subsequent changes easier to see.
2021-07-01 18:26:44 -07:00
Tim Hockin
d64bb1b29e Service REST test: always check errors
This will be needed in upcoming changes.
2021-07-01 18:26:44 -07:00
Tim Hockin
d3a0332b6c Service REST test: remove unused fields
These fields are never set, so we can remove them with no change in
behavior.
2021-07-01 18:26:44 -07:00
Tim Hockin
292b1444eb Remove bad test for AllocateLoadBalancerNodePorts
If the gate is open, we should never find nil.
2021-07-01 18:26:44 -07:00
Tim Hockin
0bb280044e Fix typo in IP allocator error 2021-07-01 18:26:44 -07:00
Tim Hockin
5970c4671c Add an IPFamily() method to ipallocator 2021-07-01 18:26:44 -07:00