upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-22 10:00:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
136988 commits 61 branches 1227 tags 3.1 GiB
Commit graph

440 commits

Author SHA1 Message Date
Kubernetes Prow Robot
3fea8a2fef
Merge pull request #134947 from aojea/dra_status_check 
Fine-grained Authorization for ResourceClaim Status Updates
 2026-03-26 22:34:18 +05:30
Antonio Ojea
adbf3b5aa5
Add granular authorization for DRA ResourceClaim status updates 
This commit introduces the DRAResourceClaimGranularStatusAuthorization
feature gate (Beta in 1.36) to enforce fine-grained authorization checks
on ResourceClaim status updates.

Previously, 'update' permission on 'resourceclaims/status' allowed modifying
the entire status. To enforce the principle of least privilege for DRA
drivers and the scheduler, this change introduces synthetic subresources and
verb prefixes:

- 'resourceclaims/binding': Required to update 'status.allocation' and
  'status.reservedFor'.
- 'resourceclaims/driver': Required to update 'status.devices'. Evaluated
  on a per-driver basis using 'associated-node:<verb>' (for node-local
  ServiceAccounts) or 'arbitrary-node:<verb>' (for cluster-wide controllers).
 2026-03-26 13:22:09 +00:00
Kubernetes Prow Robot
b30567c744
Merge pull request #135828 from HirazawaUi/5607-alpha-2-stage 
Kubelet: Add alpha-2 stage implementation for UserNamespacesHostNetworkSupport feature gate
 2026-03-26 15:08:18 +05:30
Jordan Liggitt
0519b8e784
Revert "Switch PLEGOnDemandRelist default to false for 1.36" 
This reverts commit 4a69899d8b.
 2026-03-24 01:48:19 -04:00
Kubernetes Prow Robot
61d4e7ae86
Merge pull request #137684 from ndixita/ippr-plr-beta-enable 
[PodLevelResources] Graduate InPlacePodLevelResourcesVerticalScaling feature to beta
 2026-03-24 03:44:16 +05:30
Kubernetes Prow Robot
b5a943f629
Merge pull request #136989 from nojnhuh/podgroup-resourceclaim 
KEP-5729: DRA: ResourceClaim Support for Workloads
 2026-03-23 23:42:17 +05:30
Jon Huhn
d80f384b70 Workload API: PodGroup ResourceClaims (KEP-5729) 2026-03-22 14:52:45 -05:00
Kubernetes Prow Robot
553385a39c
Merge pull request #137544 from jrvaldes/upstream/1.36-nodelogquery-lock-defualt 
[FeatureGate] Promote NodeLogQuery to GA in  v1.36 and lock default to `true`
 2026-03-21 22:16:14 +05:30
Kubernetes Prow Robot
ef247770b5
Merge pull request #137190 from everpeace/KEP-5491-alpha 
KEP-5491: DRA: List Types for Attributes [Alpha]
 2026-03-21 14:18:12 +05:30
Jose Valdes
cda2805fa6
test: adjust NodeLogQuery feature enabled by default 2026-03-21 04:25:42 -04:00
Kubernetes Prow Robot
15eaed180f
Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status 
KEP-5677: Add ResourcePoolStatusRequest API for DRA resource availability visibility
 2026-03-21 08:16:13 +05:30
ndixita
3b5b845d27
Promote InPlacePodLevelResourcesVerticalScaling to beta 2026-03-20 20:45:39 +00:00
Kubernetes Prow Robot
08d246509c
Merge pull request #137904 from soltysh/disable_maxunavailable 
KEP-961: demote maxUnavailable feature in statefulset to off by default
 2026-03-20 18:04:16 +05:30
Maciej Szulik
f88289dc01
KEP-961: demote maxUnavailable feature in statefulset to off by default 
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
 2026-03-19 20:47:03 +01:00
Davanum Srinivas
4a69899d8b
Switch PLEGOnDemandRelist default to false for 1.36 2026-03-19 13:04:47 -04:00
Nour
29601b8628
Add ResourcePoolStatusRequest API types and generated code 
Introduce the ResourcePoolStatusRequest resource type in the
resource.k8s.io/v1alpha3 API group, gated behind the
DRAResourcePoolStatus feature gate. This includes external and internal
type definitions, protobuf/OpenAPI generated code, client-go typed
clients, informers, listers, apply configurations, deepcopy, defaults,
conversion, fuzzer, declarative validation tags, and API discovery
metadata.
 2026-03-19 16:49:56 +02:00
HirazawaUi
0ffc845789 Add alpha 2 phase implementation for UserNamespacesHostNetworkSupport 2026-03-19 22:37:01 +08:00
Kubernetes Prow Robot
ac10370ad2
Merge pull request #136987 from bitoku/kep-5825-cri 
[KEP-5825] cri-api: Add streaming RPCs for CRI list operations
 2026-03-19 18:28:39 +05:30
Kubernetes Prow Robot
9d02f5f918
Merge pull request #137032 from helayoty/helayoty/5547-workload-job-integration 
KEP-5547: Implement Workload APIs integration with Job controller
 2026-03-19 17:10:31 +05:30
Shingo Omura
81c0b9ce34
KEP-5491: add DRAListTypeAttributes feature gate with Alpha 2026-03-19 14:32:23 +09:00
Kubernetes Prow Robot
a439183755
Merge pull request #137352 from natasha41575/nonsidecarinitctrs 
[InPlacePodVerticalScaling] Relax validation to support in-place resizing non-sidecar initContainers
 2026-03-19 08:44:28 +05:30
Kubernetes Prow Robot
caecddc909
Merge pull request #134627 from briansonnenberg/brians-kubelet-pods-api 
[KEP-4188] New Kubelet gRPC API returning node-local Pod info
 2026-03-19 07:52:30 +05:30
Kubernetes Prow Robot
98bb6823a8
Merge pull request #137862 from gnufied/pvc-unused-since-condition 
Report PVC unused time via PVC condition
 2026-03-19 07:08:49 +05:30
Natasha Sarkar
d2dbd4c08d Define 'InPlacePodVerticalScalingInitContainers' feature gate 2026-03-19 00:43:43 +00:00
Kubernetes Prow Robot
bf1abbf2e9
Merge pull request #136355 from enj/enj/i/tls_cache_gc 
Add GC to client-go TLS cache
 2026-03-19 05:42:29 +05:30
Kubernetes Prow Robot
76a3d535a1
Merge pull request #136548 from mariafromano-25/psi-ga-update 
[KEP 4205] GA the KubeletPSI FeatureGate
 2026-03-19 04:54:28 +05:30
Brian Sonnenberg
960c317df4 fmt and ci fixes 2026-03-18 23:07:36 +00:00
Brian Sonnenberg
044f65ca5c [KEP-4188] New Kubelet gRPC API with endpoint returning local Pod information 2026-03-18 23:07:36 +00:00
Kubernetes Prow Robot
7a3a6cf4be
Merge pull request #136725 from pravk03/native-dra-2 
Introduce support of DRA for Native Resources
 2026-03-19 03:36:38 +05:30
Monis Khan
fa9a1fe5f7
Add GC to client-go TLS cache 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2026-03-18 17:24:33 -04:00
Roman Bednar
6c087b2724 add unused condition to persistent volume claims 2026-03-18 17:08:08 -04:00
helayoty
cbb4ca0848
Add EnableWorkloadWithJob feature gate 
Signed-off-by: helayoty <heelayot@microsoft.com>
 2026-03-18 20:32:36 +00:00
Ayato Tokubi
3256f5175f cri-api: Add streaming RPCs for CRI list operations 
Add server-side streaming RPCs to bypass the gRPC 16MB message size
limit on nodes with many containers/pods. This implements KEP-5825.

New RuntimeService streaming RPCs:
- StreamPodSandboxes
- StreamContainers
- StreamContainerStats
- StreamPodSandboxStats
- StreamPodSandboxMetrics

New ImageService streaming RPC:
- StreamImages

Each streaming RPC accepts the same filter as its unary counterpart
and streams results one item at a time.

Feature gate: CRIListStreaming
KEP: https://kep.k8s.io/5825

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
 2026-03-18 16:32:49 +00:00
Maria Romano
0ce4a7003b fixed merge conflicts; prev msg: ran hack/update-featuregates.sh 2026-03-18 16:19:34 +00:00
Joe Betz
15ad8cbb69
Add status field wiping to ServiceCIDR with opt-out FG 
# Conflicts:
#	test/compatibility_lifecycle/reference/feature_list.md
#	test/compatibility_lifecycle/reference/versioned_feature_list.yaml
 2026-03-18 10:59:54 -04:00
Praveen Krishna
cdfa045414 Add DRANodeAllocatableResources feature gate 2026-03-18 14:18:28 +00:00
Tsubasa Watanabe
6bf9cd5053 DRA Device Binding Conditions: run make update 
Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
 2026-03-18 13:44:11 +09:00
Maria Romano
9149d3f9eb lock psi feature for ga 2026-03-18 03:47:43 +00:00
Kubernetes Prow Robot
547b17cc13
Merge pull request #137293 from adrianmoisey/adrian-kep-5707 
KEP-5707: Deprecate Service.spec.externalIPs
 2026-03-18 05:19:54 +05:30
Jefftree
d43dc1abd8 generated: regenerate proto, openapi, deepcopy, conversion, and testdata 2026-03-17 16:44:16 -04:00
Kubernetes Prow Robot
63e50efa0a
Merge pull request #137350 from mortent/PartitionableDevicesToBeta 
Promote DRAPartitionableDevices to beta
 2026-03-17 07:27:36 +05:30
Kubernetes Prow Robot
5edaecfa53
Merge pull request #137609 from enj/enj/f/constrained_impersonation_beta 
KEP-5284: promote constrained impersonation to beta
 2026-03-17 06:35:36 +05:30
Kubernetes Prow Robot
040ca59611
Merge pull request #137454 from haircommander/proc-mount-ga 
KEP-4265: feature: promote ProcMountType to GA
 2026-03-15 07:57:34 +05:30
Kubernetes Prow Robot
95365ff478
Merge pull request #134768 from KevinTMtz/pod-level-resource-managers-5526 
[PodLevelResourceManagers] Pod Level Resource Managers - Alpha
 2026-03-14 08:45:35 +05:30
Peter Hunt
539352eddd feature: promote ProcMountType to GA 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2026-03-13 12:27:16 -04:00
Morten Torkildsen
5c6122847f Run update-featuregates 2026-03-13 15:51:48 +00:00
Kubernetes Prow Robot
eb15e2767f
Merge pull request #137362 from tallclair/on-demand-relist 
On-demand per-pod PLEG Relist
 2026-03-13 06:15:40 +05:30
Kubernetes Prow Robot
4e2bbc78bf
Merge pull request #137170 from pohly/dra-device-taints-beta 
DRA device taints: graduate to beta
 2026-03-13 00:13:38 +05:30
Patrick Ohly
7d2781a0c3 DRA device taints: generated files 2026-03-12 18:26:03 +01:00
Kubernetes Prow Robot
f7f694e5e0
Merge pull request #136792 from rata/userns-goes-ga 
feature: Migrate UserNamespacesSupport to GA
 2026-03-12 21:57:36 +05:30