1a316015e3
refactor persistent volume labeler admission controller to use cloudprovider.PVLabler
2019-01-24 13:29:56 -05:00
4cd759dbe0
Merge pull request #73001 from shivnagarajan/remove_deprecated_taints
...
remove remaining deprecated taints from 1.9
2019-01-24 05:18:57 -08:00
1a15d80967
generated
2019-01-23 16:34:44 -05:00
17aa60686e
Deprecate and remove use of alpha metadata.initializers field, remove IncludeUninitialized options
2019-01-23 16:34:43 -05:00
52519ecb1c
remove deprecated openapi paths in favor of /openapi/v2
2019-01-21 16:33:41 -05:00
36ee154243
remove deprecated taints from 1.9
2019-01-16 21:20:57 -05:00
9229399bd6
Remove build/verify scripts for swagger 1.2 API docs, API server swagger ui / swagger 1.2 config
2019-01-15 13:33:06 -05:00
dd19b923b7
Remove executable file permission from OWNERS files
2019-01-11 16:42:59 -08:00
33a9c6e892
Merge pull request #72737 from liggitt/deprecate-deny-exec-admission
...
Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins
2019-01-11 03:30:48 -08:00
61be3683f3
Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins
2019-01-10 11:57:12 -05:00
cc67ccfd7f
Merge pull request #71731 from cheftako/leaseMetric
...
Add gauge metric for master of leader election.
2019-01-08 08:57:53 -08:00
73dcfe12da
Stop checking VolumeScheduling feature gate
2018-12-27 17:45:45 -05:00
f192657380
Add gauge metric for master of leader election.
...
Fixes #71730
0 indicates standby, 1 indicates master, label indicates which lease.
Tweaked name and documentation
Factored in Mike Danese feedback.
Removed dependency on prometheus from client-go using adapter.
Centralized adapter import.
Fixed godeps
Fixed boilerplate.
Put in fixes for caesarxuchao
2018-12-27 09:40:33 -08:00
0ff455e340
generated files
2018-12-19 11:19:12 -05:00
fd9e9b01b1
Remove uses of extensions/v1beta1 clients
2018-12-19 11:18:53 -05:00
546ece7b2c
Promote NodeLease to Beta and enable by default
2018-12-17 10:19:22 +01:00
5289fab2f6
Merge pull request #71396 from liggitt/forbidden-messages
...
Improve node authorizer and noderestriction forbidden messages
2018-11-30 00:04:46 -08:00
79e5cb2cb7
Merge pull request #71302 from liggitt/verify-unit-test-feature-gates
...
Split mutable and read-only access to feature gates, limit tests to readonly access
2018-11-29 21:45:12 -08:00
1ec6672580
Added similar functionality for init containers as standard containers in PodPreset admission controller
2018-11-27 14:31:32 -08:00
0bab5ee5ad
Currently the root-ca-cert-publisher was shadowed by BoundServiceAccountTokenVolume feature gate.
...
But its corresponding bootstrap RBAC policy was shadowed by TokenRequest feature gate.
This patch fix it.
2018-11-27 11:44:35 +08:00
16e355791f
Improve node authorizer and noderestriction forbidden messages
2018-11-24 09:31:10 -05:00
2498ca7606
drop VerifyFeatureGatesUnchanged
2018-11-21 11:51:33 -05:00
ca696fef26
Merge pull request #69848 from mikedanese/projadmission
...
migrate service account volume to a projected volume when BoundServiceAccountTokenVolumes are enabled
2018-11-16 22:46:23 -08:00
1244ee6651
migrate service account volume to a projected volume
...
When BoundServiceAccountTokenVolume feature is enabled.
2018-11-16 19:32:44 +00:00
733dd9dfd7
Add tests to ensure feature gate changes don't escape kubelet/scheduler packages
2018-11-16 10:52:53 -05:00
de8bf9b63d
fix scheduler and kubelet unit tests leaking feature flag changes
2018-11-16 10:52:53 -05:00
248d661327
Add tests to ensure storage feature gate changes don't escape packages
2018-11-16 10:52:53 -05:00
358c092abe
fix storage unit tests leaking feature flag changes
2018-11-16 10:52:52 -05:00
fd64c08240
Fix storage feature gate test setting
2018-11-16 10:49:40 -05:00
1a54fd4319
Merge pull request #71021 from liggitt/node-self-deletion
...
Remove self-deletion permissions from kubelets
2018-11-16 01:53:31 -08:00
8d7cc39031
Remove self-deletion permissions from kubelets
2018-11-14 00:42:06 -05:00
9fb2dcad5e
Limit kubelets from updating their own labels
2018-11-13 23:48:47 -05:00
94c5953904
Merge pull request #70699 from liggitt/controllerrevisions
...
Include read access to controllerrevisions for admin/edit/view roles
2018-11-11 21:17:39 -08:00
954996e231
Move from glog to klog
...
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
2018-11-10 07:50:31 -05:00
e133ab274d
Merge pull request #70515 from davidz627/feature/csiNodeInfo
...
Add explicit "Installed" field to CSINodeInfo and change update semantics
2018-11-09 06:42:09 -08:00
4621887037
Updated test files with new fields
2018-11-08 19:45:01 -08:00
f212b9db23
Merge pull request #70598 from dims/switch-from-sigs.k8s.io/yaml-to-ghodss/yaml
...
Switch to sigs.k8s.io/yaml from ghodss/yaml
2018-11-08 10:57:36 -08:00
3f5db92840
Merge pull request #68812 from WanLinghao/token_projection_ca_secret_create
...
Create Ca-certificate configmap used by token projected volume
2018-11-08 10:57:25 -08:00
efac533f92
To inject ca.crt into container when projected volume was specified, configmap should be created in each namespace.
...
This patch add a controller called "root-ca-cert-publisher" to complete above job as well as some bootstrap rbac policies.
2018-11-08 11:33:47 +08:00
43f523d405
Switch to sigs.k8s.io/yaml from ghodss/yaml
...
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31
2018-11-07 13:17:32 -05:00
7e097cf243
Merge pull request #70355 from yue9944882/flake/fixes-improper-test-gc-admission
...
Fixes unnecessary legacy scheme dry import for gc admission test regression
2018-11-07 09:06:08 -08:00
001627000f
Include read access to controllerrevisions for admin/edit/view roles
2018-11-06 10:23:39 -05:00
360a890c58
serviceaccount subproject approvers/reviewers
2018-11-06 00:57:39 -05:00
35178d352d
auth policy subproject approvers/reviewers
2018-11-06 00:57:39 -05:00
4cbdc98df3
node-isolation approvers/reviewers
2018-11-06 00:57:39 -05:00
9ae79f9653
authorizers subproject approvers/reviewers
2018-11-06 00:57:38 -05:00
4fa2a0cc8a
authenticators subproject approvers/reviewers
2018-11-06 00:57:38 -05:00
965448ff83
fixes unnecessary dry import for test regression
2018-11-03 11:41:59 +08:00
4351cea80c
Merge pull request #70046 from cheftako/lintCleanGce
...
Fixed lint errors for pkg/cloudprovider/providers/gce.
2018-11-01 13:44:06 -07:00
bf5c862889
Merge pull request #70389 from caesarxuchao/gc-admission-cluster-scoped-owner
...
make gc admission set attribute namespace correctly for owners
2018-10-31 14:48:07 -07:00
db3c84a97c
make gc admission set attribute namespace correctly for owners
2018-10-29 15:00:11 -07:00
735ad9ed63
Fixed lint errors for pkg/cloudprovider/providers/gce.
...
Fixed minor issues.
Cleaned up from merge errors.
2018-10-29 11:52:24 -07:00
3558f83957
Revert "Improve multi-authorizer errors"
...
This reverts commit 1c012f1c49
2018-10-29 11:05:45 -07:00
79599ac419
Prune internal clientset/informer from kubeapiserver admission initializer ( #70167 )
...
* externalize pv resize admission controller
* externalize podtolerationrestriction admission controller
* externalize podnodeselector admission controller
* remove internal clientset/informer from kubeapiserver admission initializer
* minor change: fixes scheduler integration test compiliation
2018-10-24 14:47:16 -07:00
e3b61ea9cf
switch informer in token authn
2018-10-24 15:46:55 +08:00
753dfbe8fd
Merge pull request #69685 from yue9944882/externalize-psp-admission-controller
...
Externalize PSP admission controller
2018-10-23 12:29:38 -07:00
e2c61169b1
externalize psp admission controller
2018-10-24 00:22:07 +08:00
e5227216c0
rebase authenticators onto new interface.
2018-10-22 10:16:59 -07:00
14c969b604
Remove myself from OWNERS files.
2018-10-16 22:47:44 +01:00
a1d1385f40
Merge pull request #66854 from k82cn/k8s_66853
...
Set PriorityClassName when there's a default PirorityClass.
2018-10-13 01:33:02 -07:00
b7c7966b9f
Move pkg/scheduler/algorithm/well_known_labels.go out
2018-10-13 09:10:00 +08:00
53e85280f4
Merge pull request #69714 from ericchiang/owners
...
Remove ericchiang from OWNERS files
2018-10-12 16:01:52 -07:00
e23a3af013
Merge pull request #67802 from krmayankk/dockershimtests
...
Implement RunAsGroup Strategy in PSP
2018-10-12 11:19:39 -07:00
b3033a7278
Merge pull request #67934 from tanshanshan/typo828
...
fix spelling mistakes
2018-10-11 18:26:24 -07:00
766f5875bf
Remove ericchiang from OWNERS files
...
Kept myself in the OpenID Connect ones for now.
2018-10-11 18:11:15 -07:00
bc3e3afc46
api changes for psp runasgroup policy
2018-10-09 17:32:09 -07:00
0f17e9ade6
Merge pull request #69386 from cblecker/go-1.11
...
Update to go1.11.1
2018-10-05 17:35:51 -07:00
563734faf7
fix vet error in plugin/pkg/admission/storage/persistentvolume/label/admission.go
...
plugin/pkg/admission/storage/persistentvolume/label/admission.go:173: Verbose.Info call has possible formatting directive %v
2018-10-05 15:54:23 -07:00
97b2992dc1
Update gofmt for go1.11
2018-10-05 12:59:38 -07:00
f3f46d5f5a
Moving the cloudprovider interface to staging.
...
Individual implementations are not yet being moved.
Fixed all dependencies which call the interface.
Fixed golint exceptions to reflect the move.
Added project info as per @dims and
https://github.com/kubernetes/kubernetes-template-project .
Added dims to the security contacts.
Fixed minor issues.
Added missing template files.
Copied ControllerClientBuilder interface to cp.
This allows us to break the only dependency on K8s/K8s.
Added TODO to ControllerClientBuilder.
Fixed GoDeps.
Factored in feedback from JustinSB.
2018-10-04 14:41:20 -07:00
f14271b27d
Merge pull request #69133 from yue9944882/refactor/externalize-namespace-admission-controller
...
Externalize namespace admission controller
2018-10-03 04:43:49 -07:00
c179a9c9df
Merge pull request #67356 from yliaog/master
...
Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s…
2018-10-02 20:35:51 -07:00
7bcdd8b55c
Merge pull request #62673 from jennybuckley/no-limitrange-on-pod-updates
...
Do not run limitrange admission plugin on pod update requests
2018-10-02 12:13:34 -07:00
fc21115c3f
Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s.io/cluster-bootstrap
2018-10-02 09:46:13 -07:00
8e6172dec2
Merge pull request #69062 from dghubble/add-configmap-get
...
Add configmap get to system:kube-controller-manager
2018-09-27 07:18:50 -07:00
083b92acf3
Set PriorityClassName when there's a default PirorityClass.
...
Signed-off-by: Da K. Ma <klaus1982.cn@gmail.com>
2018-09-27 15:26:13 +08:00
a097e23efc
namespace exists externalization
2018-09-27 13:24:15 +08:00
be7194e166
namespace autoprovision externalization
2018-09-27 12:11:02 +08:00
dfc3c83e64
Add configmap get to system:kube-controller-manager
...
* v1.12.x kube-controller-manager tries to get the
extension-apiserver-authentication ConfigMap by default
2018-09-26 22:03:27 +02:00
07e81cb8ff
Merge pull request #67831 from xmudrii/extern-exec
...
admission/exec: externalize exec admission controller
2018-09-26 09:55:05 -07:00
2042125a51
Merge pull request #67810 from yue9944882/refactor/externalize-podpreset
...
Propagate externalization to podpreset admission controller
2018-09-26 08:44:17 -07:00
055a816b2f
Merge pull request #67696 from yue9944882/chore/cleanup-limit-ranger-admission
...
Propagate externalization to limitranger admission controller
2018-09-26 07:24:11 -07:00
a67689dfca
Merge pull request #68245 from jingyih/remove_tagName_in_goDoc
...
*: Remove comment tags in GoDoc
2018-09-25 06:13:23 -07:00
0805860dba
Merge pull request #67870 from yue9944882/refactor/externalize-resource-quota-admission-controller
...
Externalize resource quota admission controller & controller reconciliation
2018-09-25 02:41:40 -07:00
38d2f05d52
Merge pull request #67842 from xmudrii/extern-priority
...
admission/priority: externalize priority admission controller
2018-09-25 01:27:31 -07:00
3f1b0cc511
Don't run limitranger admission plugin on pod update requests
2018-09-18 14:49:45 -07:00
61117761cd
*: Remove comment tags in GoDoc
...
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
2018-09-13 20:27:32 -07:00
4ca39ef0ed
Consolidated CSIDriver logic under CSIDriverRegistry flag
2018-09-10 13:34:40 -07:00
94d649b590
Rearranged feature flags
2018-09-07 17:45:27 -07:00
becc6a9c19
Implemented logic in kubelet for registering node info, including wiring to CSINodeInfo; added unit tests for node updates; updated RBAC, NodeAuthorizer, NodeRestriction.
2018-09-06 19:16:51 -07:00
dc6be0cbf1
Add new RBAC rules for CSIDriver
...
Nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
2018-09-05 21:01:32 -04:00
19c2538798
Merge pull request #67955 from jsafrane/csi-skip-attach-saad
...
Automatic merge from submit-queue (batch tested with PRs 68161, 68023, 67909, 67955, 67731). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md .
CSI: skip attach for non-attachable drivers
**What this PR does / why we need it**:
This is implementation of https://github.com/kubernetes/community/pull/2523 . CSI volumes that don't need attach/detach now don't need external attacher running.
WIP:
* contains #67803 to get CSIDriver API. Ignore the first commit.
* ~~missing e2e test~~
/sig storage
cc: @saad-ali @vladimirvivien @verult @msau42 @gnufied @davidz627
**Release note**:
```release-note
CSI volume plugin does not need external attacher for non-attachable CSI volumes.
```
2018-09-05 14:51:51 -07:00
d7c849969d
Merge pull request #68134 from yue9944882/chore/add-yue9944882-reviewer
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md .
Add yue9944882 as subproject reviewer (core admission/apiserver)
extend reviewer bandwidth 😃 am a super careful reviewer
i had contributed series of refactors for core admission controllers and apiserver launch flow.
/assign @deads2k
**Release note**:
```release-note
NONE
```
2018-09-05 10:55:18 -07:00
4e7eca7b31
Add new RBAC rules for CSIDriver
...
A/D controller and nodes need to watch CSIDrivers to know if they should send pod information
in NodePublish.
2018-09-05 10:15:43 -04:00
5186807587
Add TTL GC controller
2018-09-04 13:11:18 -07:00
0c59d4db32
Add RuntimeClass read permission for nodes
2018-08-31 18:22:13 -07:00
21d2377821
admission/priority: externalize priority admission controller
2018-08-31 15:33:37 +02:00
099f9a8ba2
add reviewer
2018-08-31 20:29:09 +08:00
c081c024c7
Merge pull request #67349 from mikedanese/trbeta
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md .
promote TokenRequest and projection to beta in 1.12
```release-note
TokenRequest and TokenRequestProjection are now beta features. To enable these feature, the API server needs to be started with the following flags:
* --service-account-issuer
* --service-account-signing-key-file
* --service-account-api-audiences
```
2018-08-30 20:09:42 -07:00
4c43d626f2
related test update
2018-08-29 10:30:16 +08:00
andrewsykim