- 05 Jan, 2017 32 commits
-
-
Jeff Grafton authored
-
Jeff Grafton authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue cluster/cl: move abac to rbac See #39092 We based off of GCI in the brief time where it was using abac. fixes #39395 cc @yifan-gu **Release note**: ```release-note NONE ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 39433, 39413) "Attach" function records information collation In the "attach" function, the log information, for the variable "instanceid", has been described as "node", as well as recorded as "instance", recorded as "instance" should be better.
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue move no k8s.io/kubernetes dependencies round 01 Builds on the previous, adds unit testing the staging dir. moves 1. pkg/healthz -> apiserver/pkg/healthz 2. pkg/util/flushwriter -> apiserver/pkg/util/flushwriter 3. pkg/auth/authenticator -> apiserver/pkg/authentication/authenticator 4. pkg/auth/authorizer -> apiserver/pkg/authorization/authorizer @sttts
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue add import cycle checking for staging to verify scripts Adds an import cycle check to verify scripts since we can't yet use import-boss. See https://github.com/kubernetes/gengo/pull/27 for details, but since the rule is very simple and global, this ought to provide sufficient protection. @kubernetes/sig-api-machinery-misc
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue snip pkg/util/strings dependency The `pkg/util/strings` package looks to be largely used by volumes, which are independent of the bits used by genericapiserver which aren't used by anyone else. This moves the single function (used no where else) to its point of use. @sttts
-
deads2k authored
-
deads2k authored
-
deads2k authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue selectively move to client-go packages selectively update some low hanging fruit to use client-go. @sttts
-
deads2k authored
-
deads2k authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 38766, 39291) fix kubectl set selector fix #39290
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue AWS: Add exponential backoff to waitForAttachmentStatus() and createTags() We should use exponential backoff while waiting for a volume to get attached/detached to/from a node. This will lower AWS load and reduce API call throttling. This partly fixes #33088 @justinsb, can you please take a look?
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 39435, 39454) Fix PDB by percentages for StatefulSet pods Previously, PDBs defined in terms of percentages would error out with StatefulSet as they did not know how to find the scale associated. This change teaches the disruption controller to also look at StatefulSets and their scale. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes/kubernetes/issues/39125 **Release note**: ```release-note Fix issue with PodDisruptionBudgets in which `minAvailable` specified as a percentage did not work with StatefulSet Pods. ``` cc @a-robinson @kow3ns @kubernetes/sig-apps-misc
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Move apiserver cloudprovider dep into kubeapiserver
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue kubeadm token discovery URL may not have valid input for url.Parse **What this PR does / why we need it**: **Which issue this PR fixes**: fixes https://github.com/kubernetes/kubeadm/issues/95 **Special notes for your reviewer**: /cc @dgoodwin @luxas @mikedanese this is a WIP! Need a couple things: * decide token separator, `.` or `:` * define error handling in `token.go::37`
-
Dr. Stefan Schimanski authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue kubeadm: change etcd data dir to match host path. **What this PR does / why we need it**: Trivial change that adopts a well-known path for etcd data, following the `hostPath` defined. **Which issue this PR fixes**: Fixes https://github.com/kubernetes/kubeadm/issues/80 **Special notes for your reviewer**: /cc @luxas @kad
-
Paulo Pires authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Check if key is a valid after prefix is prepended
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Add unit tests for operation_executor Add unit test for `Unmount operations should start in parallel for all volume plugins` cc: @saad-ali
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 39311, 39226, 39445) use debs to build k8s docker images This puts the binaries in better paths and fixes compatibility issues.
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 39311, 39226, 39445) Make kubectl proxy accept empty path **What this PR does / why we need it**: The kubectl proxy previously returned 403 Forbidden: Unauthorized when receiving a request from e.g. "curl localhost:8001" or "curl localhost:8001/". The previous DefaultPathAcceptRE regex was wrong as it assumed the path in this case would be "/" (but it is actually ""). After someone runs kubectl proxy and tries accessing it with curl, they will probably just try hitting localhost:8001 (which returns an "Unauthorized" response) instead of say localhost:8001/api (which returns a proper response from the API server). Also, whoever previously modified the DefaultPathAcceptRE regex was obviously expecting the regex to accept requests for localhost:8001/ ```release-note fix issue with kubectl proxy so that it will proxy an empty path - e.g. http://localhost:8001 ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Check if pathExists before performing Unmount Unmount operation should not fail if path does not exist Part two of: https://github.com/kubernetes/kubernetes/pull/38547 Plugins status captured here: https://github.com/kubernetes/kubernetes/issues/39251 cc: @saad-ali
-
Anirudh authored
-
Anirudh authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 36229, 39450) Bugfix on kubeadm join with non-token discovery. Without this change, using a non-token discovery mechanism during a join triggers a nil pointer panic (instead of an error message about not being implemented yet). CC @mikedanese **Release note**: ```release-note NONE ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 36229, 39450) Bump etcd to 3.0.14 and switch to v3 API in etcd. Ref #20504 **Release note**: ```release-note Switch default etcd version to 3.0.14. Switch default storage backend flag in apiserver to `etcd3` mode. ```
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue (batch tested with PRs 39408, 38981) Remove RBAC UserAll * Removes special handling of User * subjects in rolebinding matching evaluation * Converts v1alpha1 rolebindings to `User *` subjects to `Group system:authenticated` subjects for backwards compatibility ```release-note RBAC's special handling of the User subject named "*" in RoleBinding and ClusterRoleBinding objects is being deprecated and will be removed in v1beta1. Existing v1alpha1 role bindings to User "*" will be converted to the group "system:authenticated". To match unauthenticated requests, RBAC role bindings must explicitly bind to the group "system:unauthenticated". ```
-
Euan Kemp authored
See #39092 We based off of GCI in the brief time where it was using abac.
-
- 04 Jan, 2017 8 commits
-
-
Jacob Beacham authored
Without this change, using a non-token discovery mechanism during a join triggers a nil pointer panic (instead of an error message about not being implemented yet).
-
Mike Danese authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Ensure invalid token returns 401 error, not 403 fixes #39267 If a user attempts to use a bearer token, and the token is rejected, the authenticator should return an error. This distinguishes requests that did not provide a bearer token (and are unauthenticated without error) from ones that attempted to, and failed.
-
deads2k authored
-
Michael Fraenkel authored
- Allow invalid keys to become valid by requiring a prefix
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue snip links from genericapiserver to api/validation We had a trip dependency on `pkg/api/validation` through `pkg/api/rest` which is used for RESTStorage. This splits the generic validation required for a genericapiserver out from the rest of validation. For now, functions still delegate. @sttts
-
Jordan Liggitt authored
-
Kubernetes Submit Queue authored
Automatic merge from submit-queue Adding test-federation-cmd.sh to test kubectl with federation apiserver There are 2 parts to the PR: * Adding ability to run kubectl tests for a subset of resources. * Adding test-federation-cmd.sh that runs kubectl tests for resources that are supported by federation-apiserver. cc @kubernetes/sig-federation @kubernetes/sig-api-machinery ```release-note Adding kubectl tests for federation ```
-