365 commits

Author SHA1 Message Date
Tim Allclair
4986abe0b8 Automated refactoring to use SetFeatureGatesDuringTest 2025-10-01 21:10:53 -07:00
yliao
34a64db2c7 extended resource backed by DRA: implementation 2025-07-29 18:55:21 +00:00
Rodrigo Campos
5f7e611f73 validation: Return error if hostUsers=false && volumeDevices
Now if a pod tries to use user namespaces (hostUsers: false) and a
volume device, it will see this error:
	$ kubectl apply -f pod.yaml
	...
	* spec.ephemeralContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false
	* spec.initContainers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false
	* spec.containers[0].volumeDevices: Forbidden: when `pod.Spec.HostUsers` is false

Note that if a pod is already created with volumeDevices and userns,
then we allow modifications to that object.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2025-07-28 16:54:08 +02:00
Yuan Wang
af595a44ae Add container restart rules to API 2025-07-24 16:49:52 +00:00
HirazawaUi
c35e4ad2b2 add codes for drop disabled pod fields 2025-07-23 22:57:12 +08:00
Bing Hongtao
6f3b6b91f0 KEP-3721: Support for env files (#132626)
* Add FileKeyRef field and struct to the Pod API

* Add the implementation code in the kubelet.

* Add validation code

* Add basic functionality e2e tests

* add codes for drop disabled pod fields

* update go.mod
2025-07-22 13:40:42 -07:00
Kubernetes Prow Robot
cc674e7470 Merge pull request #128010 from ahmedtd/pod-certificates-types
Pod Certificates: Preliminary implementation of KEP-4317
2025-07-21 19:26:30 -07:00
Taahir Ahmed
4624cb9bb9 Pod Certificates: Basic implementation
* Define feature gate
* Define and serve PodCertificateRequest
* Implement Kubelet projected volume source
* kube-controller-manager GCs PodCertificateRequests
* Add agnhost subcommand that implements a toy signer for testing

Change-Id: Id7ed030d449806410a4fa28aab0f2ce4e01d3b10
2025-07-21 21:49:57 +00:00
Kubernetes Prow Robot
e0f20a38ed Merge pull request #132912 from natasha41575/obsgen-beta
Graduate PodObservedGenerationTracking to beta
2025-07-21 14:14:40 -07:00
Natasha Sarkar
8996e81fc8 fix unit tests 2025-07-21 16:46:07 +00:00
Kubernetes Prow Robot
ade9b7746a Merge pull request #132595 from AxeZhan/ga3960
Graduate PodLifecycleSleepAction to GA
2025-07-19 13:22:39 -07:00
sreeram-venkitesh
00bf3b37a7 Graduate PodLifecycleSleepActionAllowZero to GA 2025-07-18 21:35:58 +05:30
Tim Allclair
5f829195e6 Only warn when AppArmor annotation doesn't match pod field 2025-07-17 14:46:47 -07:00
Tim Allclair
e417232f92 Warn when using AppArmor annotations with a pod field 2025-07-17 14:07:35 -07:00
Tim Allclair
3ecb3d230f Remove unused appArmor*InUse functions 2025-07-17 14:07:35 -07:00
ylink-lfs
995a7872c5 chore: remove utilpointer usage in pkg/api/pod 2025-07-06 11:34:27 +08:00
AxeZhan
dcbed2fbdc Graduate PodLifecycleSleepAction to GA 2025-07-02 09:37:14 +08:00
sreeram-venkitesh
f9a5aec318 Added unit tests 2025-06-25 23:59:44 +05:30
sreeram-venkitesh
5390f75360 Added podutil.HasAPIObjectReference to deny admission for static pods referencing API objects 2025-06-25 23:59:26 +05:30
Keita Mochizuki
a3097010fa Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity (#129874)
* Change the implementation design of matchLabelKeys in PodTopologySpread to be aligned with PodAffinity

* fix1
2025-05-07 13:01:15 -07:00
Tim Allclair
5928fc0e60 Add ContainerIter utility for ranging over pod containers 2025-04-11 13:36:37 -07:00
Sreeram
0380f2c41c Validation 2025-03-25 01:58:04 +05:30
Kubernetes Prow Robot
2546557012 Merge pull request #130621 from sreeram-venkitesh/4818-sleep-action-zero-value-beta-graduation
KEP 4818: PodLifecycleSleepActionAllowZero to Beta
2025-03-20 13:08:39 -07:00
Kubernetes Prow Robot
451d032915 Merge pull request #130210 from everpeace/KEP-3619-promote-SupplementalGroupsPolicy-to-Beta
KEP-3619: Promote SupplementalGroupsPolicy feature to Beta
2025-03-20 11:24:37 -07:00
Sreeram
3043fbc3da Added feature gate to unit test 2025-03-20 19:36:10 +05:30
Sreeram
c0a1489bc8 Fix unit tests 2025-03-20 19:36:10 +05:30
kerthcet
1a34095f75 KEP-3094 Promote NodeInclusionPolicyInPodTopologySpread to Stable
Signed-off-by: kerthcet <kerthcet@gmail.com>
2025-03-20 14:54:42 +08:00
Shingo Omura
eda274ed7e KEP-3619: merge SupplementalGroupsPolicy dedicated validation tests into standard ones 2025-03-20 13:45:22 +09:00
Tim Allclair
aba588cd14 Deprecate IPPVSAllocatedStatus: always set allocatedResources with InPlacePodVerticalScaling 2025-03-19 16:00:02 -07:00
Kubernetes Prow Robot
f1c634f93e Merge pull request #130463 from sanposhiho/ga-mlk
feat: graduate MatchLabelKeysInPodAffinity to GA
2025-03-19 09:06:31 -07:00
Kensei Nakada
10c6a4258f feat: graduate MatchLabelKeysInPodAffinity to GA 2025-03-19 23:06:04 +09:00
Tim Allclair
cd1a5c6d5c Fix Kubelet unit tests 2025-03-18 15:51:09 -07:00
Natasha Sarkar
a15520fbea Move pod resize status to pod conditions 2025-03-17 22:01:05 +00:00
Vinayak Goyal
282e1490d4 KEP-5040: Disable git_repo volume driver. 2025-03-14 19:29:03 +00:00
Kubernetes Prow Robot
6b8341fc2e Merge pull request #130544 from jsafrane/selinux-beta
selinux: Promote SELinuxChangePolicy and SELinuxMount to beta
2025-03-12 11:29:47 -07:00
Kubernetes Prow Robot
07d66d9c26 Merge pull request #130574 from natasha41575/drop_proposed_resize_status
[FG:InPlacePodVerticalScaling] Drop `Proposed` resize status
2025-03-11 09:49:46 -07:00
Kubernetes Prow Robot
3782b558a2 Merge pull request #128786 from danwinship/bad-ip-warnings
warn on bad IPs in objects
2025-03-11 00:11:47 -07:00
Natasha Sarkar
8a20e90839 [FG:InPlacePodVerticalScaling] Drop 'Proposed' resize status 2025-03-10 20:46:02 +00:00
Dan Winship
7316d83137 Add warnings to all IP/CIDR-valued fields 2025-03-07 11:00:11 -05:00
Natasha Sarkar
12d34624ba add observedGeneration to pod's dropDisabledStatusFields 2025-03-06 20:14:32 +00:00
Jan Safranek
96bae53a37 Promote SELinuxChangePolicy and SELinuxMount to beta
SELinuxMount stays off by default, because it changes the default
kubelet behavior. SELinuxChangePolicy is on by default and notifies users
on Pods that could get broken by SELinuxMount feature gate.
2025-03-04 11:03:54 +01:00
Kubernetes Prow Robot
a552570d2c Merge pull request #129946 from alex-petrov-vt/iss-129907
fix(pod/util): fix typo in getting pod validation options
2025-02-28 07:09:04 -08:00
Alex Petrov
f63359efb0 fix(pod/util): typos in getting pod validation options
Before, containers with the PostStart sleep lifecycle hook would cause
null pointer panics due to a typo in the field name being checked. This
commit fixes that.

The check also needs to be done on the oldPodSpec, rather than the
podSpec, so that existing workloads which use the zero value continue
functioning in the same way.
2025-02-27 19:25:14 -05:00
Kubernetes Prow Robot
b14fad5adc Merge pull request #130181 from natasha41575/apiserver-generation
start setting pod metadata.generation
2025-02-24 10:48:29 -08:00
Natasha Sarkar
d02401dea9 start setting pod metadata.generation 2025-02-24 16:22:14 +00:00
Tim Allclair
7098221ae5 Fix TweakContainers comment 2025-02-20 16:09:58 -08:00
Tim Allclair
a1595d9dca Don't allow memory limit decrease unless resize policy is RestartContainer 2025-02-14 12:38:52 -08:00
Kubernetes Prow Robot
0634e21fb5 Merge pull request #128367 from vivzbansal/sidecar-2
[FG:InPlacePodVerticalScaling] Implement resize for sidecar containers
2025-02-05 14:38:15 -08:00
Gunju Kim
0bee0bcaa7 Promote SidecarContainers feature to GA 2025-02-02 17:45:36 +09:00
vivzbansal
cfa0349159 Update validation code 2025-01-28 00:55:55 +00:00