scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
121,947 Commits 1 Branch 0 Tags
ae01c2126fa705734e3cdb9a3a6516552be7dffe
Commit Graph

451 Commits

Author SHA1 Message Date
Tim Hockin
ae01c2126f Remove the gate "SkipReadOnlyValidationGCE" 
One less GCE-specifc wart in the codebase.
 2024-04-06 15:11:20 -07:00
Akihiro Suda
8db07446f1 api: validate RecursiveReadOnlyMounts 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 02:59:30 +09:00
Kubernetes Prow Robot
9ad2aabc64 Merge pull request #123520 from haircommander/proc-mount-rely-userns-2 
KEP-4265: Update Unmasked ProcMountType to fail validation without a pod level user namespace
 2024-03-07 18:21:08 -08:00
Peter Hunt
23706cb90c api validation: validate proc mount against user namespace 
fail if container uses proc mount unmasked but pod does not use user namespace

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-03-07 15:56:06 -05:00
Kubernetes Prow Robot
bd25605619 Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API
 2024-03-06 15:35:14 -08:00
Tim Allclair
2d86cbf261 Separate feature-gate for AppArmor fields 2024-03-06 10:46:32 -08:00
Tim Allclair
22068e0cc7 Validate annotation & field match in PodTemplate 2024-03-06 10:46:31 -08:00
Tim Allclair
06caf32ecd Validate localhost profile max length 2024-03-06 10:46:31 -08:00
Tim Allclair
0eb5f52d06 Rename AppArmor annotation constants with Deprecated 2024-03-06 10:46:31 -08:00
Kubernetes Prow Robot
87f9b3891e Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
Tim Allclair
ec325b328d Match annotations against pod AppArmor field 2024-03-05 12:22:50 -08:00
Tim Allclair
289ec02e8b Implement version skew strategy 2024-03-05 12:22:50 -08:00
Tim Allclair
94927afb50 AppArmor API changes 2024-03-05 12:02:43 -08:00
HirazawaUi
e56240b2e1 add validation method at the top level 2024-03-05 17:09:10 +08:00
Kubernetes Prow Robot
a76a3e031f Merge pull request #123487 from gauravkghildiyal/kep-4444 
Introduce trafficDistribution field for Kubernetes Services
 2024-03-04 20:07:15 -08:00
Kubernetes Prow Robot
e4ee7b005c Merge pull request #123323 from gjkim42/add-ValidateInitContainerStateTransition 
Validate restartable init container state transition
 2024-03-04 16:21:30 -08:00
Gaurav Ghildiyal
996d11d4e8 Add new field trafficDistribution to Service spec 2024-03-03 22:34:17 -08:00
Wei Huang
01db4ae9e7 Graduate PodSchedulingReadiness to stable 2024-02-28 23:18:44 -08:00
Gunju Kim
a24f2c1192 Validate restartable init container state transition 
This allows the state of restartable init containers to be transitioned
from terminated to non-terminated even for pods with RestartPolicyNever
or RestartPolicyOnFailure.
 2024-02-26 20:47:40 +09:00
Dan Winship
593b1c6c63 Do service.spec.LoadBalancerSourceRanges validation inline 
Inline the LoadBalancerSourceRanges parsing to make it more obvious
what it's requiring (and more importantly, *not* requiring), and
change it to use IsValidCIDR as well.
 2024-02-09 10:43:20 -05:00
Dan Winship
7a56b6e3f7 Add validation.IsValidCIDR 
Move apivalidation.ValidateCIDR to apimachinery, and rename it and
change its return value to match the other functions.

Also, add unit tests.

(Also, while updating NetworkPolicy validation for the API change, fix
a variable name that implied that IPBlock.Except[] is IP-valued rather
than CIDR-valued.)
 2024-02-07 09:48:01 -05:00
Kubernetes Prow Robot
052bce26f4 Merge pull request #122931 from danwinship/ip-validation-cleanup 
consistently use IsValidIP for IP validation
 2024-02-06 15:58:15 -08:00
zhangchao
7972f0309c Fix service account token projected volume validation 
Signed-off-by: zhangchao <zchao9100@gmail.com>
 2024-01-23 23:03:37 +08:00
Dan Winship
1d59d6b6c6 Use validation.IsValidIP in a few more places 
Rather than using netutils.ParseIPSloppy directly.

Also fix the field paths in the errors for pod.spec.hostAliases to
include the array index.
 2024-01-23 09:10:35 -05:00
Dan Winship
519dd6887d Make validation.IsValidIP return a field.ErrorList for consistency 2024-01-23 09:08:27 -05:00
Taahir Ahmed
ecfdc8fda5 Define ClusterTrustBundlePEM projected volume 
This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespaced-scoped TrustBundle object, which came up during
KEP discussion.

* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the project must specify a
  name and path.
* Add TODO covering admission control to forbid mirror pods from using
  the projection.

Part of KEP-3257.
 2023-11-03 11:40:48 -07:00
Kubernetes Prow Robot
dba565193c Merge pull request #121104 from carlory/kep-3751-api-changes 
[KEP-3571] introduce the VolumeAttributesClass API
 2023-10-31 20:23:50 +01:00
Kubernetes Prow Robot
418e9d08a4 Merge pull request #120592 from AxeZhan/validation_sets 
Use generic set in package "/pkg/apis/core/validation"
 2023-10-31 19:16:02 +01:00
carlory
ae90a69677 volumeattributesclass and core api changes 2023-10-31 11:18:56 +08:00
AxeZhan
070e7a38cb generic set 2023-10-28 15:31:28 +08:00
Paco Xu
36d6917ae1 valid error for creation and update from valid to invalid only 
- using an option AllowNamespacedSysctlsForHostNetAndHostIPC

Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-10-28 06:58:54 +08:00
Paco Xu
9a8ccdebc5 use sysctl utils to do pod spec validation 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-10-28 06:58:51 +08:00
Paco Xu
4321652d13 reject pod creation for hostNet pod with net sysctl; hostIPC pod with ipc sysctl 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-10-28 06:58:28 +08:00
Kubernetes Prow Robot
6d7d249372 Merge pull request #121077 from chrishenzie/readwriteoncepod-ga 
Graduate ReadWriteOncePod to GA
 2023-10-24 05:26:05 +02:00
Kubernetes Prow Robot
441d4b54ae Merge pull request #120397 from ty-dc/StaticCheck 
cleanup: omit comparison with bool constants
 2023-10-24 05:25:52 +02:00
Chris Henzie
2dbd405583 Graduate ReadWriteOncePod to GA 2023-10-20 10:40:39 -07:00
Kensei Nakada
d5d3c26337 feature(scheduler): implement matchLabelKeys in PodAffinity and PodAntiAffinity 2023-10-18 11:28:02 +00:00
AxeZhan
fa01dfdb0a validation 2023-10-15 13:55:08 +08:00
Kubernetes Prow Robot
e606314f2f Merge pull request #118768 from killshotrevival/master 
Fail validation if container restart policy is 'Never' and resource resize restart policy isn't 'NotRequired'
 2023-10-15 04:13:34 +02:00
Kubernetes Prow Robot
a2cc9db02f Merge pull request #119665 from vinaykul/getpodqos-optimization 
Perf optimization: GetPodQOS() returns persisted value of PodStatus.QOSClass, if set.
 2023-10-12 06:48:26 +02:00
carlory
5fcffcf4e4 Add APIGroup ratcheting validation to PVC.DataSource 2023-09-13 13:10:22 +08:00
tao.yang
b35357b6c0 cleanup: omit comparison with bool constants 
Signed-off-by: tao.yang <tao.yang@daocloud.io>
 2023-09-05 10:24:38 +08:00
Quan Tian
2b69daa960 Allow specifying ExternalTrafficPolicy for ClusterIP Services with ExternalIPs 
When defining a ClusterIP Service, we can specify externalIP, and the
traffic policy of externalIP is subject to externalTrafficPolicy.
However, the policy can't be set when type is not NodePort or
LoadBalancer, and will default to Cluster when kube-proxy processes the
Service.

This commit updates the defaulting and validation of Service to allow
specifying ExternalTrafficPolicy for ClusterIP Services with
ExternalIPs.

Signed-off-by: Quan Tian <qtian@vmware.com>
 2023-08-30 23:56:47 +08:00
Tim Hockin
a930892769 Gate: disallow .status.loadBalancer on non-LB svc 
The fact that the .status.loadBalancer field can be set while .spec.type
is not "LoadBalancer" is a flub.  Any spec update will already clear
.status.ingress, so it's hard to really rely on this.  After this
change, updates which try to set this combination will fail validation.

Existing cases of this will not be broken.  Any spec/metadata update
will clear it (no error) and this is the only stanza of status.

New gate "AllowServiceLBStatusOnNonLB" is off by default, but can be
enabled if this change actually breaks someone, which seems exceeedingly
unlikely.
 2023-08-20 16:40:41 -07:00
Aohan Yang
3ac2899d2b Add IP mode field 2023-08-14 11:24:49 +08:00
Mark Rossetti
0d90d1ffa5 Revert "Merge pull request #118895 from RyanAoh/kep-1860" 
This reverts commit 890a6c8f70, reversing
changes made to 4f60a8d493.
 2023-08-09 15:51:20 -07:00
vinay kulkarni
4063ca4050 Code review fix: Move GetPodQOS code to ComputePodQOS. If set, return PodStatus.QOSClass from GetPodQOS. 2023-08-07 14:47:37 +00:00
vinay kulkarni
5d4410b960 Perf optimization: Move away from GetPodQOS, using PodStatus.QOSClass instead 2023-08-07 14:47:37 +00:00
Kubernetes Prow Robot
d17f3ba2cf Merge pull request #119168 from gjkim42/sidecar-allow-probes-and-lifecycle-hooks 
Allow all probes and lifecycle for restartable init containers
 2023-07-17 18:11:07 -07:00
Gunju Kim
3bf282652f Allow restartable init containers to have lifecycle 2023-07-18 08:12:24 +09:00