kubernetes

mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-23 10:29:27 -04:00

Author	SHA1	Message	Date
Kubernetes Prow Robot	74f4ad5e38	Merge pull request #138698 from michaelasp/circuitBreaker Ensure leases are not stale in node controller before marking unhealthy	2026-05-05 23:34:21 +05:30
Michael Aspinwall	9991d72c6b	Add circuit breaker approach to ensure leases are not stale in node controller	2026-05-04 22:14:10 +00:00
Anish Ramasekar	b2e27e8986	Drop AuthorizeWithSelectors feature gate Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>	2026-04-28 13:32:29 -07:00
Anish Ramasekar	b1c8bf1e32	Drop AuthorizeNodeWithSelectors feature gate Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>	2026-04-28 10:10:52 -07:00
Mujib Ahasan	b9b0ff440d	remove accidently commited file Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>	2026-04-04 12:53:30 +05:30
Antonio Ojea	adbf3b5aa5	Add granular authorization for DRA ResourceClaim status updates This commit introduces the DRAResourceClaimGranularStatusAuthorization feature gate (Beta in 1.36) to enforce fine-grained authorization checks on ResourceClaim status updates. Previously, 'update' permission on 'resourceclaims/status' allowed modifying the entire status. To enforce the principle of least privilege for DRA drivers and the scheduler, this change introduces synthetic subresources and verb prefixes: - 'resourceclaims/binding': Required to update 'status.allocation' and 'status.reservedFor'. - 'resourceclaims/driver': Required to update 'status.devices'. Evaluated on a per-driver basis using 'associated-node:<verb>' (for node-local ServiceAccounts) or 'arbitrary-node:<verb>' (for cluster-wide controllers).	2026-03-26 13:22:09 +00:00
Antoni Zawodny	59c9f75133	Add Workload-Aware Preemption fields to Workload and PodGroup APIs Co-authored-by: Omar Sayed <omarsayed@google.com>	2026-03-24 09:03:50 +01:00
Jon Huhn	d80f384b70	Workload API: PodGroup ResourceClaims (KEP-5729)	2026-03-22 14:52:45 -05:00
Kubernetes Prow Robot	15eaed180f	Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status KEP-5677: Add ResourcePoolStatusRequest API for DRA resource availability visibility	2026-03-21 08:16:13 +05:30
Heba	cf5ba01d13	KEP-5832: Implement PodGroup admission (#137464 ) * Add admission for podGroup Signed-off-by: helayoty <heelayot@microsoft.com> * Create workload object before podgroup Signed-off-by: helayoty <heelayot@microsoft.com> --------- Signed-off-by: helayoty <heelayot@microsoft.com>	2026-03-19 21:32:34 +05:30
Nour	30fe79df21	Add ResourcePoolStatusRequest controller, registry, and RBAC Implement the RPSR controller that watches ResourcePoolStatusRequest objects and aggregates pool status from DRA drivers. Add the API server registry (strategy, storage), handwritten validation, RBAC bootstrap policy for the controller, kube-controller-manager wiring, table printer columns, and storage factory registration.	2026-03-19 16:50:02 +02:00
Kubernetes Prow Robot	9d02f5f918	Merge pull request #137032 from helayoty/helayoty/5547-workload-job-integration KEP-5547: Implement Workload APIs integration with Job controller	2026-03-19 17:10:31 +05:30
helayoty	981a333927	Add admission plugin for update parallelism Signed-off-by: helayoty <heelayot@microsoft.com>	2026-03-18 22:32:57 +00:00
Roman Bednar	6c087b2724	add unused condition to persistent volume claims	2026-03-18 17:08:08 -04:00
helayoty	68e30095de	Implement Workload and PodGroup integration with Job controller Signed-off-by: helayoty <heelayot@microsoft.com>	2026-03-18 20:32:37 +00:00
helayoty	fc88e37288	Add admission plugin for PodGroup to add finalizer to every new object Signed-off-by: helayoty <heelayot@microsoft.com>	2026-03-18 15:28:14 +00:00
helayoty	0ef8d78d1d	Add new protection controller for PodGroup Signed-off-by: helayoty <heelayot@microsoft.com>	2026-03-18 15:27:17 +00:00
Kubernetes Prow Robot	e1be691e7f	Merge pull request #136043 from natasha41575/os_feasibility [InPlacePodVerticalScaling] create an admission plugin to perform the OS and node capacity checks	2026-03-18 03:23:39 +05:30
Natasha Sarkar	fd8c6d3e2e	add pod resize feasibility check admission plugin	2026-03-17 17:12:31 +00:00
Kubernetes Prow Robot	1817e10998	Merge pull request #136185 from tallclair/ndf-bitmap Optimize NodeDeclaredFeatures with a bitmap FeatureSet implementation	2026-03-14 06:37:34 +05:30
Antoni Zawodny	6511deadd8	Refactor Priority admission plugin	2026-03-13 12:21:37 +01:00
Tim Allclair	f91f641a65	Switch to bitmapped FeatureSet implementation.	2026-03-13 04:28:16 +00:00
Tim Allclair	e4521526b4	NodeDeclaredFeatures: Add global default NDF registry	2026-03-13 04:28:16 +00:00
Kubernetes Prow Robot	50e7571f48	Merge pull request #137669 from tallclair/push-vzwskkoluxyu plugin/pkg/admission/nodedeclaredfeatures OWNERS	2026-03-13 02:03:44 +05:30
Kubernetes Prow Robot	4e2bbc78bf	Merge pull request #137170 from pohly/dra-device-taints-beta DRA device taints: graduate to beta	2026-03-13 00:13:38 +05:30
Patrick Ohly	566dc7f3f3	DRA device taints: graduate to beta The fields become beta, enabled by default. DeviceTaintRule gets added to the v1beta2 API, but support for it must remain off by default because that API group is also off by default. The v1beta1 API is left unchanged. No-one should be using it anymore (deprecated in 1.33, could be removed now if it wasn't for reading old objects and version emulation). To achieve consistent validation, declarative validation must be enabled also for v1alpha3 (was already enabled for other versions). Otherwise, TestVersionedValidationByFuzzing fails: --- FAIL: TestVersionedValidationByFuzzing (0.09s) --- FAIL: TestVersionedValidationByFuzzing/resource.k8s.io/v1beta2,_Kind=DeviceTaintRule (0.00s) validation_test.go:109: different error count (0 vs. 1) resource.k8s.io/v1alpha3: <no errors> resource.k8s.io/v1beta2: "spec.taint.effect: Unsupported value: \"幤HxÒQP¹¬永唂ȳ垞ş]嘨鶊\": supported values: \"NoExecute\", \"NoSchedule\", \"None\"" ...	2026-03-12 18:26:02 +01:00
Tim Allclair	162be9e8ea	plugin/pkg/admission/nodedeclaredfeatures OWNERS	2026-03-12 16:51:03 +00:00
Kubernetes Prow Robot	38940f0222	Merge pull request #135297 from michaelasp/svmUpdateCRD Remove CRD stored versions from status upon SVM migration	2026-03-11 08:03:09 +05:30
Michael Aspinwall	d274e05cc9	Remove CRD stored versions from status upon SVM migration	2026-03-11 00:50:27 +00:00
Richa Banker	a902b8ffdc	Graduate ComponentFlagz feature gate to Beta	2026-03-10 09:50:16 -07:00
Kubernetes Prow Robot	ec451e29ab	Merge pull request #137384 from richabanker/statusz-beta Graduate ComponentStatusz feature gate to Beta	2026-03-10 19:29:28 +05:30
Antoni Zawodny	3f094dc228	Create Workload API v1alpha2 (#136976 ) * Drop WorkloadRef field and introduce SchedulingGroup field in Pod API * Introduce v1alpha2 Workload and PodGroup APIs, drop v1alpha1 Workload API Co-authored-by: yongruilin <yongrlin@outlook.com> * Run hack/update-codegen.sh * Adjust kube-scheduler code and integration tests to v1alpha2 API * Drop v1alpha1 scheduling API group and run make update --------- Co-authored-by: yongruilin <yongrlin@outlook.com>	2026-03-10 07:59:10 +05:30
Richa Banker	682570580d	Graduate ComponentStatusz feature gate to Beta	2026-03-09 15:00:26 -07:00
Kubernetes Prow Robot	090693bd79	Merge pull request #137497 from atombrella/feature/modernize_activate_forvar Lint: Activate modernize/forvar rule in golangci-lint.	2026-03-09 14:01:11 +05:30
Mads Jensen	dd32d7c324	Lint: Activate modernize/forvar rule in golangci-lint.	2026-03-06 21:36:05 +01:00
Kubernetes Prow Robot	f5bafe93ac	Merge pull request #135048 from yliaog/beta_promo DRA Extended Resource: promote to Beta in 1.36	2026-03-07 01:12:19 +05:30
Richa Banker	426bb7cded	Fix auth registration for statusz and flagz Co-authored-by: Jordan Liggitt <jordan@liggitt.net>	2026-03-05 16:31:27 -08:00
Kubernetes Prow Robot	85e4e386d4	Merge pull request #137171 from liggitt/component-helpers-deps Clean up direct external dependencies from component-helpers	2026-02-24 02:23:35 +05:30
Jordan Liggitt	4ab6ae2a59	Drop direct use of github.com/stretchr/testify in component-helpers	2026-02-20 14:50:15 -05:00
yliao	80b9ee1abc	fix unit test	2026-02-20 18:44:25 +00:00
Jordan Liggitt	2c9ccde2d0	Make quota evaluators in admission conditional on enabled resources	2026-02-20 11:34:33 -05:00
Davanum Srinivas	550cc8645b	Move dump package from apimachinery to k8s.io/utils Replace all imports of k8s.io/apimachinery/pkg/util/dump with k8s.io/utils/dump across the repo. The apimachinery dump package now contains deprecated wrapper functions that delegate to k8s.io/utils/dump for backwards compatibility. Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2026-02-12 07:34:19 -05:00
carlory	46727c48eb	remove portworx from in-tree volume plugins Signed-off-by: carlory <baofa.fan@daocloud.io>	2026-01-19 11:35:30 +08:00
carlory	f8e8e55f1d	locked the feature-gate VolumeAttributesClass to default (true) and switch storage version from v1beta1 to v1 Signed-off-by: carlory <baofa.fan@daocloud.io>	2025-12-18 15:59:33 +08:00
Kubernetes Prow Robot	43cfcac7cc	Merge pull request #135434 from yliaog/quota_abuse Fixes the loophole that allows users to workaround resource quota set by system admin	2025-12-17 22:35:28 -08:00
yliao	3e34de29c4	fixed the loophole that allows user to get around resource quota set by system admin	2025-12-18 00:56:20 +00:00
carlory	34700d6605	add Workload permissions to view, edit and admin clusterroles Signed-off-by: carlory <baofa.fan@daocloud.io>	2025-11-24 17:03:00 +08:00
Heba	aceb89debc	KEP-5471: Extend tolerations operators (#134665 ) * Add numeric operations to tolerations Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * code review feedback Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * add default feature gate Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add integration tests Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add toleration value validation Signed-off-by: Heba Elayoty <heelayot@microsoft.com> * Add validate options for new operators Signed-off-by: helayoty <heelayot@microsoft.com> * Remove log Signed-off-by: helayoty <heelayot@microsoft.com> * Update feature gate check Signed-off-by: helayoty <heelayot@microsoft.com> * emove IsValidNumericString func Signed-off-by: helayoty <heelayot@microsoft.com> * Implement IsDecimalInteger Signed-off-by: helayoty <heelayot@microsoft.com> * code review feedback Signed-off-by: helayoty <heelayot@microsoft.com> * Add logs to v1/toleration Signed-off-by: Heba Elayoty <heelayot@microsoft.com> Signed-off-by: helayoty <heelayot@microsoft.com> * Update integration tests and address code review feedback Signed-off-by: helayoty <heelayot@microsoft.com> * Add feature gate to the scheduler framework Signed-off-by: helayoty <heelayot@microsoft.com> * Remove extra test Signed-off-by: helayoty <heelayot@microsoft.com> * Fix integration test Signed-off-by: helayoty <heelayot@microsoft.com> * pass feature gate via TolerationsTolerateTaint Signed-off-by: helayoty <heelayot@microsoft.com> --------- Signed-off-by: Heba Elayoty <heelayot@microsoft.com> Signed-off-by: helayoty <heelayot@microsoft.com>	2025-11-10 12:42:54 -08:00
Maciej Skoczeń	4a067cc022	Add read Workload permissions to kube-scheduler	2025-11-06 10:47:30 +00:00
Kubernetes Prow Robot	b869afe68d	Merge pull request #133389 from pravk03/node-capabilities Introduce node declared features framework	2025-11-06 01:32:54 -08:00

1 2 3 4 5 ...

3465 commits