Automatic merge from submit-queue
Allow shareable resources for admission control plugins.
Changes allow admission control plugins to share resources. This is done via new PluginInitialization structure. The structure can be extended for other resources, for now it is an shared informer for namespace plugins (NamespiceLifecycle, NamespaceAutoProvisioning, NamespaceExists).
If a plugins needs some kind of shared resource e.g. client, the client shall be added to PluginInitializer and Wants methods implemented to every plugin which will use it.
Automatic merge from submit-queue
Improve scheduler throughput
Ref #28590
This improves scheduler throughput by another 10-15%.
@davidopp @kubernetes/sig-scheduling
Automatic merge from submit-queue
Return (bool, error) in Authorizer.Authorize()
Before this change, Authorize() method was just returning an error, regardless of whether the user is unauthorized or whether there is some other unrelated error. Returning boolean with information about user authorization and error (which should be unrelated to the authorization) separately will make it easier to debug.
Fixes#27974
Automatic merge from submit-queue
Func note not consistent with real fun name
File "plugin\pkg\webhook.go", line #41 :
"// New creates a new GenericWebhook from the provided kubeconfig file."
Here "New" not consistant with real fun name "NewGenericWebhook" in line #42 :
"func NewGenericWebhook(kubeConfigFile string, groupVersions []unversioned.GroupVersion, initialBackoff time.Duration) (*GenericWebhook, error) {"
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.
Fixes#27974
Automatic merge from submit-queue
authorize based on user.Info
Update the `authorization.Attributes` to use the `user.Info` instead of discrete getters for each piece.
@kubernetes/sig-auth
Automatic merge from submit-queue
First step of optimizing PodAffinity priority function
Ref #26144
This is obviously only a first step - I will continue working on this code. However, this is changing the general scheme of computations to what is described in: https://github.com/kubernetes/kubernetes/issues/26144#issuecomment-232612384
Automatic merge from submit-queue
Optimise the process of the CalculateSpreadPriority in selector_spreading.go
It had better inspect if the nodeLister is normal first in the CalculateSpreadPriority in selector_spreading.go. If the nodeLister.List return error, the function return directly, not need deal the serviceLister and controllerLister and replicaSetLister.
Automatic merge from submit-queue
rbac authorizer: cleanups to rule evaluation for non-resource URLs
An few oversights in the RBAC authorizer. Fixes#28291 and permits non-resource URLs to use stars in the path. E.g. ("/apis/*").
cc @liggitt @kubernetes/sig-auth
Wojciech Tyczynski
