4204 Commits

Author SHA1 Message Date
yliao
34a64db2c7 extended resource backed by DRA: implementation 2025-07-29 18:55:21 +00:00
Rodrigo Campos
5f7e611f73 validation: Return error if hostUsers=false && volumeDevices
Now if a pod tries to use user namespaces (hostUsers: false) and a
volume device, it will see this error:
	$ kubectl apply -f pod.yaml
	...
	* spec.ephemeralContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false
	* spec.initContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false
	* spec.containers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false

Note that if a pod is already created with volumeDevices and userns,
then we allow modifications to that object.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-07-28 16:54:08 +02:00
Kubernetes Prow Robot
3fd1251165 Merge pull request #131089 from KevinTMtz/pod-level-hugepage-cgroups
[PodLevelResources] Propagate Pod level hugepage cgroup to containers
2025-07-24 19:08:26 -07:00
Kubernetes Prow Robot
26045b2fab Merge pull request #132642 from yuanwang04/restart-rules
Implement container restart policy rules
2025-07-24 16:44:51 -07:00
Kubernetes Prow Robot
63011fe547 Merge pull request #132277 from KevinTMtz/pod-level-resources-eviction-manager
[PodLevelResources] Pod Level Resources Eviction Manager
2025-07-24 16:44:34 -07:00
Kevin Torres
9f5b09eb7b Unit test pod level hugepage Default and Validation logic 2025-07-24 21:29:04 +00:00
Kevin Torres
13b122b6ff Unit tests for pod level resources eviction manager 2025-07-24 17:07:09 +00:00
Kevin Torres
9a3ca05f6b Use pod level resources for eviction manager 2025-07-24 17:07:05 +00:00
Yuan Wang
af595a44ae Add container restart rules to API 2025-07-24 16:49:52 +00:00
Patrick Ohly
cff91579e8 DRA API: v1 registration + tests 2025-07-24 08:30:25 +02:00
HirazawaUi
c35e4ad2b2 add codes for drop disabled pod fields 2025-07-23 22:57:12 +08:00
Bing Hongtao
6f3b6b91f0 KEP-3721: Support for env files (#132626)
* Add FileKeyRef field and struct to the Pod API

* Add the implementation code in the kubelet.

* Add validation code

* Add basic functionality e2e tests

* add codes for drop disabled pod fields

* update go.mod
2025-07-22 13:40:42 -07:00
Kubernetes Prow Robot
cc674e7470 Merge pull request #128010 from ahmedtd/pod-certificates-types
Pod Certificates: Preliminary implementation of KEP-4317
2025-07-21 19:26:30 -07:00
Taahir Ahmed
4624cb9bb9 Pod Certificates: Basic implementation
* Define feature gate
* Define and serve PodCertificateRequest
* Implement Kubelet projected volume source
* kube-controller-manager GCs PodCertificateRequests
* Add agnhost subcommand that implements a toy signer for testing

Change-Id: Id7ed030d449806410a4fa28aab0f2ce4e01d3b10
2025-07-21 21:49:57 +00:00
Kubernetes Prow Robot
e0f20a38ed Merge pull request #132912 from natasha41575/obsgen-beta
Graduate PodObservedGenerationTracking to beta
2025-07-21 14:14:40 -07:00
Kubernetes Prow Robot
c297f38544 Merge pull request #132214 from Peac36/fix/131497
add warnings when creating headless service with specified load balan…
2025-07-21 14:14:26 -07:00
Nikola
43706d6b7a add warnings when creating headless service with specified load balancer ip, external ips and/or session affinity
Signed-off-by: Nikola <peac36@abv.bg>
2025-07-21 20:34:36 +03:00
Natasha Sarkar
8996e81fc8 fix unit tests 2025-07-21 16:46:07 +00:00
Kubernetes Prow Robot
ade9b7746a Merge pull request #132595 from AxeZhan/ga3960
Graduate PodLifecycleSleepAction to GA
2025-07-19 13:22:39 -07:00
sreeram-venkitesh
00bf3b37a7 Graduate PodLifecycleSleepActionAllowZero to GA 2025-07-18 21:35:58 +05:30
Kubernetes Prow Robot
963a9acb6d Merge pull request #131989 from tallclair/apparmor-cleanup
Apparmor cleanup
2025-07-18 03:46:25 -07:00
Kubernetes Prow Robot
99f55ae4ef Merge pull request #132662 from gnufied/bump-recovery-feature-ga
Bump recovery feature ga
2025-07-17 17:10:25 -07:00
Tim Allclair
5f829195e6 Only warn when AppArmor annotation doesn't match pod field 2025-07-17 14:46:47 -07:00
Tim Allclair
e417232f92 Warn when using AppArmor annotations with a pod field 2025-07-17 14:07:35 -07:00
Tim Allclair
3ecb3d230f Remove unused appArmor*InUse functions 2025-07-17 14:07:35 -07:00
Cici Huang
a3ecea296c manual change 2025-07-15 01:44:13 +00:00
Hemant Kumar
c126870ebc Bump RecoverVolumeExpansionFailure to GA 2025-07-10 12:19:31 -04:00
Kubernetes Prow Robot
41477c9748 Merge pull request #132361 from yongruilin/master_vg_enable-csr
Enable Declarative Validation for CertificateSigningRequest
2025-07-07 17:05:25 -07:00
PatrickLaabs
baf71997f5 chore: depr. pointer pkg replacement for pkg/controller 2025-07-07 13:22:36 +02:00
Kubernetes Prow Robot
3d6e49e3c2 Merge pull request #132738 from ylink-lfs/chore/api_pod_utilpointer_removal
chore: remove utilpointer usage in pkg/api/pod
2025-07-05 21:55:25 -07:00
ylink-lfs
995a7872c5 chore: remove utilpointer usage in pkg/api/pod 2025-07-06 11:34:27 +08:00
Tsubasa Nagasawa
0ad351281b Cleanup duplicate function to get port number from named port
Currently, the function to translate named port to port number is
located in two places (pod utils and endpointslice lib).
When fixing the bug in restartable init containers, one part of the code
was fixed, but the other part was not, leaving the bug unresolved.
To prevent such partial fixes in the future, we will make the function
in the endpointslice lib public and remove the other part of the code
from pod utils. Then consume the endpointslice lib in k/k.

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2025-07-05 10:03:30 +09:00
AxeZhan
dcbed2fbdc Graduate PodLifecycleSleepAction to GA 2025-07-02 09:37:14 +08:00
yongruilin
5d4a85f9f6 Enable versioned validation fuzz testing for certificates v1/v1alpha1/v1beta1 group 2025-07-01 16:13:56 +00:00
Kubernetes Prow Robot
bc9a78479f Merge pull request #132465 from yongruilin/master_vg_fix-fuzz-test
fix: versioned validation test avoid incorrect conversion
2025-06-30 20:58:29 -07:00
yongruilin
a55318fe14 fix: versioned validation test avoid incorrect conversion 2025-06-30 23:11:49 +00:00
Kubernetes Prow Robot
b7c9333f5c Merge pull request #131837 from sreeram-venkitesh/static-pod-strict-validation-for-api-object-reference
Deny pod admission for static pods referencing API objects
2025-06-26 12:18:30 -07:00
sreeram-venkitesh
f9a5aec318 Added unit tests 2025-06-25 23:59:44 +05:30
sreeram-venkitesh
5390f75360 Added podutil.HasAPIObjectReference to deny admission for static pods referencing API objects 2025-06-25 23:59:26 +05:30
Natasha Sarkar
7d85134cae improve unit test coverage for pod observedGeneration 2025-06-25 17:18:07 +00:00
Filip Křepinský
bdfa8839be calculateStatus should use the same now time point for each pod
make IsPodAvailable time check inclusive
2025-06-14 18:39:15 +02:00
Joe Betz
5013938100 Change option to a slice 2025-06-05 18:24:06 -04:00
Joe Betz
9715c90b31 Clarify errors and improve tests 2025-05-23 21:47:09 -04:00
Joe Betz
7dc8660d03 Update testing to fully track subresources 2025-05-23 21:47:08 -04:00
Kubernetes Prow Robot
b587977f7c Merge pull request #131445 from natasha41575/renameObservedGenHelperFns
update godoc for and rename observedGeneration helpers
2025-05-14 11:39:19 -07:00
Keita Mochizuki
a3097010fa Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity (#129874)
* Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity

* fix1
2025-05-07 13:01:15 -07:00
Kubernetes Prow Robot
4c0233b95c Merge pull request #131264 from tallclair/container-util
Add ContainerIter utility for ranging over pod containers
2025-05-05 14:02:48 -07:00
Jordan Liggitt
6bb6c99342 Drop null creationTimestamp from test fixtures 2025-05-02 15:38:40 -04:00
Natasha Sarkar
92359cdc69 update godoc for and rename observedGeneration helpers 2025-04-24 16:05:01 +00:00
Tim Allclair
5928fc0e60 Add ContainerIter utility for ranging over pod containers 2025-04-11 13:36:37 -07:00