github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity
102,093 Commits 42 Branches 7,905 Tags 1.3 GiB
f6bc5d0140
Commit Graph

102093 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
9ca75c1f49
Merge pull request #103243 from ii/promote-statefulset-status-test 
Promote to Conformance StatefulSet Patch, Read and Replace Status test +3
 2021-07-01 14:28:02 -07:00
Kubernetes Prow Robot
062bc359ca
Merge pull request #102444 from sanwishe/resourceStartTime 
Expose container start time in kubelet /metrics/resource endpoint
 2021-07-01 14:27:51 -07:00
Lubomir I. Ivanov
622f69bf8d kubeadm: update v1beta3's godoc changelog 2021-07-02 00:12:25 +03:00
Lubomir I. Ivanov
11d444b00e kubeadm: remove versioned copies of the bootstrap token API and utils 
Given bootstraptoken/v1 is now a separate GV, there is no need
to duplicate the API and utilities inside v1beta3 and the internal
version.

v1beta2 must continue to use its internal copy due, since output/v1alpha1
embeds the v1beta2.BootstrapToken object. See issue 2427 in k/kubeadm.
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
14fa296bb3 kubeadm: use the bootstraptoken/v1 API across the code base 
- Make v1beta3 use bootstraptoken/v1 instead of local copies
- Make the internal API use bootstraptoken/v1
- Update validation, /cmd, /util and other packages
- Update v1beta2 conversion
 2021-07-02 00:11:49 +03:00
Lubomir I. Ivanov
5b7bda90c0 kubeadm: introduce apis/bootstraptoken/v1 
Package bootstraptoken contains an API and utilities wrapping the
"bootstrap.kubernetes.io/token" Secret type to ease its usage in kubeadm.

The API is released as v1, since these utilities have been part of a
GA workflow for 10+ releases.

The "bootstrap.kubernetes.io/token" Secret type is also GA.
 2021-07-02 00:11:49 +03:00
mgutierrez98
1cfbb0aa25 remove webhook.go to revert changes to conformance test 2021-07-01 20:24:46 +00:00
Kubernetes Prow Robot
3334703eb2
Merge pull request #103242 from ii/promote-deployment-status-test 
Promote to Conformance Patch, Read and Replace DeploymentStatus test +1
 2021-07-01 13:18:04 -07:00
Kubernetes Prow Robot
cd94e840cb
Merge pull request #103241 from ii/promote-statefulset-list-deletecollection 
Promote to Conformance StatefulSet List, Patch & DeleteCollection Test +3
 2021-07-01 13:17:52 -07:00
Jordan Liggitt
ac4bb885be hostProcess test fixture data 2021-07-01 15:49:33 -04:00
Jordan Liggitt
49d31c45b1 PodSecurity: baseline hostProcess check 2021-07-01 15:49:33 -04:00
Kubernetes Prow Robot
e524a5ab42
Merge pull request #103282 from MrHohn/cpa-multi-arch 
Update dns-horizontal-autoscaler to use the multi-arch image
 2021-07-01 11:47:42 -07:00
Neeraj Shah
8049448113 [PodSecurity] baseline - apparmor 
Implement the "AppArmor" check from https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline

- AppArmor check
- Fixtures
- UnitTest case
 2021-07-01 23:36:55 +05:30
David Ashpole
b0ffaa93f5 move tracing instantiation further up, and check for nil 2021-07-01 10:42:11 -07:00
Kubernetes Prow Robot
e5135985fa
Merge pull request #103340 from MadhavJivrajani/proc-mount-baseline 
Add baseline check for procMount type
 2021-07-01 09:50:07 -07:00
Kubernetes Prow Robot
b0af328e6e
Merge pull request #103326 from pacoxu/safe-sysctls 
Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl
 2021-07-01 09:49:55 -07:00
Kubernetes Prow Robot
7e00f5d401
Merge pull request #103118 from wangyysde/remove-errors-from-check_conformance_test_requirements.go 
use native error instead of github.com/pkg/errors
 2021-07-01 07:39:55 -07:00
Madhav Jivrajani
f0ffba75ad Add baseline check for procMount type 
- Will not allow if a container (init or not) sets the proc mount type to anything other than `Default`
- Include fixture for proc mount baseline generation and the consequent genreated test data

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-07-01 20:02:36 +05:30
Kubernetes Prow Robot
1861e4756d
Merge pull request #103396 from praveenghuge/master-to-main-cleanup 
k8s.io master to main cleanup
 2021-07-01 04:45:54 -07:00
Kubernetes Prow Robot
3f4c39bbd7
Merge pull request #103063 from neolit123/1.22-add-patches-to-v1beta3 
kubeadm: add support for patches in v1beta3; deprecate --experimental-patches
 2021-07-01 02:25:54 -07:00
Sergey Kanzhelev
210c610d66 make sure to split NPD hashes by architecture when upgrading to 0.8.9 2021-07-01 08:12:35 +00:00
Kubernetes Prow Robot
a0c83ba938
Merge pull request #103385 from ravisantoshgudimetla/fix-ubernetes-tests-2 
[storage] [test] Ensure proper resource creation
 2021-07-01 00:06:06 -07:00
Kubernetes Prow Robot
dbfea1e2aa
Merge pull request #103365 from liggitt/podsecurity-feature-test 
PodSecurity: make failure integration tests feature-aware
 2021-07-01 00:05:54 -07:00
Kubernetes Prow Robot
c14017b270
Merge pull request #103176 from CaoDonghui123/updatemod 
Update golang.org/x/net
 2021-06-30 22:17:54 -07:00
Praveen Ghuge
db3534dd64 master too main cleanup 2021-06-30 21:56:29 -07:00
Kubernetes Prow Robot
5c23b61247
Merge pull request #103327 from SataQiu/fix-write-config-to 
kube-scheduler: ensure the default config output of --write-to-config is usable
 2021-06-30 21:00:06 -07:00
Kubernetes Prow Robot
ea0098b811
Merge pull request #103219 from mgutierrez98/refactor-wait_go 
Renamed variable within wait_test containing master to control plane
 2021-06-30 20:59:54 -07:00
wangyysde
e2e1c94f06 use native error instead of github.com/pkg/errors 
Signed-off-by: wangyysde <net_use@bzhy.com>
 2021-07-01 10:54:09 +08:00
Kubernetes Prow Robot
4748bb04b6
Merge pull request #102508 from kolyshkin/runc-1.0 
Update runc to 1.0.0
 2021-06-30 19:35:55 -07:00
pacoxu
2cab85a403 Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-07-01 10:31:21 +08:00
Jordan Liggitt
ba6b4c5a18 PodSecurity: test GA-only cases and alpha/beta fields separately 2021-06-30 22:08:11 -04:00
Jordan Liggitt
e87016cf94 PodSecurity: add ability to skip failure cases if relevant features are disabled 2021-06-30 22:05:00 -04:00
Yecheng Fu
b522e95aae Prioritizing nodes based on volume capacity: API changes 2021-07-01 10:00:59 +08:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kubernetes Prow Robot
c206af0367
Merge pull request #103380 from vinayakankugoyal/bug 
Fix incorrect user and group for kube-scheduler when it is running as non-root.
 2021-06-30 17:21:53 -07:00
Kir Kolyshkin
ab5b77944e kubelet/cm: don't set Devices 
Since runc 1.0.0 it is now sufficient to have SkipDevices: true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2021-06-30 16:17:35 -07:00
Kir Kolyshkin
4e7cf5413d vendor: bump runc to 1.0.0 pre 
This is to check if runc 1.0.0 (to be released shortly) works with k8s.

The commands used were (roughly):

	hack/pin-dependency.sh github.com/opencontainers/runc v1.0.0
	hack/lint-dependencies.sh
	# Follow its recommendations.
	hack/pin-dependency.sh github.com/cilium/ebpf v0.6.1
	hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
	hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
	# Recheck.
	hack/lint-dependencies.sh
	GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
	hack/update-vendor.sh
	# Recheck.
	hack/lint-dependencies.sh
	hack/update-internal-modules.sh
	# Recheck.
	hack/lint-dependencies.sh

[v2: rebased, updated runc 3a0234e1fe2e82 -> 2f8e8e9d977500]
[v3: testing master + runc pr 3019]
[v4: updated to 93a01cd4d0b7a0f08a]
[v5: updated to f093cca13d3cf8a484]
[v6: rebased]
[v7: updated to runc v1.0.0]
[v8: rebased]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2021-06-30 16:16:32 -07:00
Kubernetes Prow Robot
642f42d62b
Merge pull request #103364 from aramase/check-privileged 
[PodSecurity] Add privileged containers baseline check
 2021-06-30 16:11:48 -07:00
Kubernetes Prow Robot
385402d506
Merge pull request #103082 from chrishenzie/read-write-once-pod-access-mode-scheduler 
Enforce ReadWriteOncePod during scheduling
 2021-06-30 16:11:36 -07:00
ravisantoshgudimetla
67bc23411b [storage] [test] Ensure proper resource creation 
Ensure resources are created in zone with schedulable
nodes. For example, if we have 4 zones with 3 zones
having worker nodes and 1 zone having master nodes(unscheduable
for workloads), we should not create resources like PV, PVC or
pods in that zone.
 2021-06-30 18:01:57 -04:00
Kubernetes Prow Robot
0dad7d1c47
Merge pull request #103318 from jpbetz/fix-102749 
Bump SMD to v4.1.2 to pick up #102749 fix
 2021-06-30 14:03:03 -07:00
Anish Ramasekar
5bd3334ad6
[PodSecurity] Add privileged containers baseline check 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2021-06-30 16:39:28 -04:00
Joe Betz
b790cf388c Bump SMD to v4.1.2 to pick up #102749 fix 2021-06-30 12:06:35 -07:00
Kubernetes Prow Robot
9c360b6185
Merge pull request #103361 from m14815/commit-21.6.2 
Error string should not be capitalized or end with punctuation.
 2021-06-30 11:50:17 -07:00
Kubernetes Prow Robot
60ea3b6d52
Merge pull request #103325 from njuptlzf/psp-sysctls 
[PodSecurity] Implement sysctls check
 2021-06-30 11:50:07 -07:00
Kubernetes Prow Robot
0ccdc4afc3
Merge pull request #103315 from sejr/test-psp-hostPath 
[Pod Security] HostPath baseline check
 2021-06-30 11:49:54 -07:00
Kubernetes Prow Robot
4dc82f94ed
Merge pull request #103314 from PushkarJ/psp-hostports 
[PodSecurity] Implement host ports check
 2021-06-30 11:49:41 -07:00
Kubernetes Prow Robot
a6ef76157b
Merge pull request #102623 from vazmin/bug-cli-string-slice-flag 
fix bug where string slice flag is not assigned
 2021-06-30 11:49:28 -07:00
Kubernetes Prow Robot
f962166f30
Merge pull request #100339 from p0lyn0mial/upstream-delegated-authz-metrics 
adds metrics for delegated authz
 2021-06-30 11:49:16 -07:00
Kubernetes Prow Robot
98d20f552b
Merge pull request #99378 from mattcary/api 
StatefulSet PersistentVolumeClaimDeletePolicy
 2021-06-30 11:49:03 -07:00