Commit graph

464 commits

Author SHA1 Message Date
Kubernetes Prow Robot
c4f5cea36b
Merge pull request #135746 from richabanker/move-flagz
Move apiserver's flagz installation to genericapiserver alongside statusz
2026-02-04 05:32:27 +05:30
Bryce Palmer
79aaabb40f bugfix: add loopback certificate expiration health check
so that configured liveness probes will fail
if the loopback certificate has expired,
forcing a restart.

Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
2026-02-03 12:31:20 -05:00
Richa Banker
4e47bea7b0 Move flagz installation together with statusz's 2026-01-30 11:25:19 -08:00
Kubernetes Prow Robot
f2143d70db
Merge pull request #135597 from alvaroaleman/plumb-context
Service account controller: Wire through context
2026-01-13 02:15:00 +05:30
Kubernetes Prow Robot
b9d491f56e
Merge pull request #134556 from carlory/fix-133160
lock the feature-gate VolumeAttributesClass to default (true)
2025-12-18 15:13:17 -08:00
carlory
f8e8e55f1d
locked the feature-gate VolumeAttributesClass to default (true) and switched storage version from v1beta1 to v1
Signed-off-by: carlory <baofa.fan@daocloud.io>
2025-12-18 15:59:33 +08:00
Kubernetes Prow Robot
508074f023
Merge pull request #135615 from soltysh/drop_autoscaling_v2betaX
Drop autoscaling v2beta1 and v2beta2
2025-12-17 23:28:25 -08:00
yliao
3e34de29c4 fixed the loophole that allows a user to get around the resource quota set by the system admin 2025-12-18 00:56:20 +00:00
Maciej Szulik
e347aa994b
React to removing autoscaling v2beta1 and v2beta2
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
2025-12-05 11:59:30 +01:00
Alvaro Aleman
3d6a5d471f Service account controller: Wire through context
This change enables structured logging and cancellation in the service
account controller by replacing the usage of context.TODO with an actual
context.
2025-12-04 19:30:55 -05:00
Richa Banker
8f2c0a9a60 kube-apiserver: Enable peer proxy and peer-aggregated discovery
Wire up peer proxy infrastructure in kube-apiserver:
- Add UnknownVersionInteroperabilityProxy feature gate
- Configure peer proxy with identity lease selectors
- Register CRD and APIService informers with exclusion filters
- Start peer discovery sync and GV cleanup workers

Includes extractors for CRDs and APIServices to identify which
GroupVersions should be excluded from peer discovery.

Part of KEP-4020: Unknown Version Interoperability Proxy
2025-11-06 12:48:19 -08:00
Maciej Skoczeń
9639274676 api: Create Workload API 2025-11-06 09:36:43 +00:00
Kubernetes Prow Robot
b869afe68d
Merge pull request #133389 from pravk03/node-capabilities
Introduce node declared features framework
2025-11-06 01:32:54 -08:00
Praveen Krishna
e7a42e8e8e feat(admission): Add NodeDeclaredFeatures admission plugin 2025-11-06 01:21:17 +00:00
yliao
870062df4f adjusts DRA extended resource quota to include device usage from regular resource claims 2025-11-05 23:24:24 +00:00
yongruilin
2422bc0bb8 feat: Implement structured /flagz endpoint 2025-11-04 19:45:30 +00:00
Siyuan Zhang
67143028e7 Add --min-compatibility flag.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
2025-10-30 13:36:38 -05:00
Kubernetes Prow Robot
3ec2d82da5
Merge pull request #134784 from michaelasp/svm_beta2
SVM: bump the API to beta, remove unused fields
2025-10-29 13:56:02 -07:00
Michael Aspinwall
3b72759d1b Update SVM to Beta
Co-authored-by: Stanislav Láznička <stlaz.devel@proton.me>
2025-10-29 19:36:11 +00:00
Kubernetes Prow Robot
dab7e3eb06
Merge pull request #134514 from richabanker/preshutdownhook-apiserver-identity
Improve lifecycle and cleanup for the identity lease controller
2025-10-28 10:28:10 -07:00
Richa Banker
491f7f9ba8 Add a preshutdownhook to clean up apiserver identity lease 2025-10-23 18:59:52 -07:00
Jordan Liggitt
339dba881f Add synthetic create authz check to pods/exec, pods/attach, pods/portforward 2025-10-21 18:26:06 +00:00
Tim Allclair
36e3a8f269 Record and require all kube-feature dependencies 2025-10-15 10:29:15 -07:00
Kubernetes Prow Robot
3a53784ecb
Merge pull request #133876 from kei01234kei/make_v1_version_fist_priotiry_inresource
make v1 resource version first priority in resource
2025-10-07 08:55:02 -07:00
Kubernetes Prow Robot
bded66365e
Merge pull request #134258 from mayank-agrwl/apiserver-lease-gc
Make APIServerLeaseGC controller context-aware
2025-10-01 03:34:17 -07:00
Mayank Agrawal
b0460eedba Make legacytokentracking controller context aware 2025-09-29 21:41:47 -07:00
Mayank Agrawal
2ffc06e09a Make APIServerLeaseGC controller context-aware 2025-09-24 23:11:26 -07:00
Aditi Gupta
f44279647b refactor: Use WaitForNamedCacheSyncWithContext in core components
Signed-off-by: Aditi Gupta <aditigpta@google.com>
2025-09-18 11:34:28 -07:00
Jordan Liggitt
55419eca7a
Plumb effective version into admission initializer 2025-09-17 15:23:31 -04:00
Kubernetes Prow Robot
26b246ae66
Merge pull request #133191 from Jefftree/rev
Add jefftree to OWNERS
2025-09-11 07:06:11 -07:00
Keisuke Ishigami
587f67052d modify api version hash 2025-09-10 09:48:21 +09:00
Marek Siarkowicz
683a76dd15 Enforce that all resources set resourcePrefix 2025-09-04 00:11:15 +02:00
Jefftree
70794c4568 Add newline to fix owners fmt 2025-08-04 19:12:56 +00:00
Jefftree
7242ddd937 Add jefftree to OWNERS 2025-08-04 19:12:13 +00:00
Antonio Ojea
81e680e6d9 defaultservicecidr controller no shutdown eventbroadcaster on start
The defaultservicecidr controller runs as an apiserver PostStartHook
hence cannot block the startup.
The logic of the controller was copied from the common boilerplate and
was assuming the controller blocked on start, hence deferring the
shutdown of the eventbroadcaster.

Only shut down the eventbroadcaster when the context is done.

Change-Id: I70426d5550afe3b12ab5ea68746238dd96f7db52
2025-07-31 10:58:40 +00:00
Kubernetes Prow Robot
7912e5fd67
Merge pull request #131549 from carlory/KEP-3751-GA
[Kep-3751] Promote VolumeAttributesClass to GA
2025-07-24 16:44:27 -07:00
carlory
94bf8fc8a9 Promoted API VolumeAttributesClass and VolumeAttributesClassList to storage.k8s.io/v1.
Promoted feature-gate `VolumeAttributesClass` to GA (on by default)

Signed-off-by: carlory <baofa.fan@daocloud.io>
2025-07-25 01:53:59 +08:00
Patrick Ohly
b768c1d1d5 DRA API: bump storage version to v1beta2
This avoids the overhead for the more complex conversion to v1beta1 and might
make it a bit more realistic to get rid of the v1beta1 eventually.

The expected GVK must be set explicitly because when emulating 1.33,
v1beta1 is the default although the fixed storage version is v1beta2.
2025-07-24 08:33:56 +02:00
Patrick Ohly
cff91579e8 DRA API: v1 registration + tests 2025-07-24 08:30:25 +02:00
Simran Kaur
c7d6c09683
List available endpoints for kube-apiserver (#132581)
Fix tests and formatting

Use ListedPaths for finding useful endpoints

Fix maps import

Update dependencies

Fix lint

Add option to pass listedpaths

Remove apiserver component check

Install statusz in genericapiserver

Register zpagesfeatures

Fix import order

Avoid adding non-debugging endpoints

Fix tests

Fix tests

fix tests

Sort paths

Sort in-place

Copy paths before sorting

Fix string initialization

Move sorting to later stage

Fix imports
2025-07-23 21:44:27 -07:00
Taahir Ahmed
4624cb9bb9 Pod Certificates: Basic implementation
* Define feature gate
* Define and serve PodCertificateRequest
* Implement Kubelet projected volume source
* kube-controller-manager GCs PodCertificateRequests
* Add agnhost subcommand that implements a toy signer for testing

Change-Id: Id7ed030d449806410a4fa28aab0f2ce4e01d3b10
2025-07-21 21:49:57 +00:00
Patrick Ohly
3357e8fc05 SSA: add integration tests
test/integration/apiserver/apply covers the behavior of server-side-apply (SSA)
for official APIs. But there seem to be no integration tests which cover the
semantic of SSA like adding/removing/updating entries in a list map. This adds
such a test.

It needs an API which is under control of the test and uses
k8s.io/apimachinery/pkg/apis/testapigroup for that purpose, with some issues
fixed (OpenAPI code generation complained) and a new list map added.

Registering that API group in the apiserver needs a REST storage and
strategy. The API group only gets added in the test. However, the production
code has to know about it. In particular,
pkg/generated/openapi/zz_generated.openapi.go has to describe it.
2025-07-17 09:56:28 +02:00
PatrickLaabs
baf71997f5 chore: depr. pointer pkg replacement for pkg/controller 2025-07-07 13:22:36 +02:00
Kubernetes Prow Robot
201325e869
Merge pull request #132433 from michaelasp/configurablecle
feat: make CLE timers configurable
2025-06-30 12:08:31 -07:00
Michael Aspinwall
1a59c250ea feat: make CLE timers configurable 2025-06-25 16:38:50 +00:00
Harshal Neelkamal
0baeccd32f KEP-740: promote ExternalJWTSigner feature to beta 2025-06-10 16:16:13 +00:00
Kubernetes Prow Robot
c96032addd
Merge pull request #131318 from aojea/lock_servicecidr
Lock MultiCIDRServiceAllocator to default and DisableAllocatorDualWrite to GA
2025-05-13 09:51:28 -07:00
Kubernetes Prow Robot
d3dfded28e
Merge pull request #131469 from aojea/service_cidr_default_controller
Service cidr default controller
2025-05-10 07:19:14 -07:00
Antonio Ojea
699ec0a538
Remove wrong comment 2025-05-10 13:15:12 +02:00
Antonio Ojea
15ab88f88b remove networking v1alpha1 and make update 2025-05-06 13:29:54 +00:00