* take into account new fields for event
* add event with old event fields for test
* fix: remove unnecessary "+1" from event series count
* fix: update the assertion for failing test case
Kubernetes-commit: c6935ad50e0809c1dc2d3ac9000abda0ecb49bcc
API returns unit format in a non deterministic manner; ie it
chooses a unit format according to a resource that gets counted first
Kubernetes-commit: 3f0b64ec9597488be6365f89cc82338bcb7a9feb
This change updates the CSR API to add a new, optional field called
expirationSeconds. This field is a request to the signer for the
maximum duration the client wishes the cert to have. The signer is
free to ignore this request based on its own internal policy. The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration. The minimum allowed
value for this field is 600 seconds (ten minutes).
This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.
Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: cd91e59f7c351fce47c064a5162c2cb79075159c
As discussed during the alpha review, the ReadOnly field is not really
needed because volume mounts can also be read-only. It's a historical
oddity that can be avoided for generic ephemeral volumes as part
of the promotion to beta.
Kubernetes-commit: 555d4a12bf58f19cbd79f866e2abce13490bde40
* api: structure change
* api: defaulting, conversion, and validation
* [FIX] validation: auto remove second ip/family when service changes to SingleStack
* [FIX] api: defaulting, conversion, and validation
* api-server: clusterIPs alloc, printers, storage and strategy
* [FIX] clusterIPs default on read
* alloc: auto remove second ip/family when service changes to SingleStack
* api-server: repair loop handling for clusterIPs
* api-server: force kubernetes default service into single stack
* api-server: tie dualstack feature flag with endpoint feature flag
* controller-manager: feature flag, endpoint, and endpointSlice controllers handling multi family service
* [FIX] controller-manager: feature flag, endpoint, and endpointSlicecontrollers handling multi family service
* kube-proxy: feature-flag, utils, proxier, and meta proxier
* [FIX] kubeproxy: call both proxier at the same time
* kubenet: remove forced pod IP sorting
* kubectl: modify describe to include ClusterIPs, IPFamilies, and IPFamilyPolicy
* e2e: fix tests that depends on IPFamily field AND add dual stack tests
* e2e: fix expected error message for ClusterIP immutability
* add integration tests for dualstack
the third phase of dual stack is a very complex change in the API,
basically it introduces Dual Stack services. Main changes are:
- It pluralizes the Service IPFamily field to IPFamilies,
and removes the singular field.
- It introduces a new field IPFamilyPolicyType that can take
3 values to express the "dual-stack(mad)ness" of the cluster:
SingleStack, PreferDualStack and RequireDualStack
- It pluralizes ClusterIP to ClusterIPs.
The goal is to add coverage to the services API operations,
taking into account the 6 different modes a cluster can have:
- single stack: IP4 or IPv6 (as of today)
- dual stack: IPv4 only, IPv6 only, IPv4 - IPv6, IPv6 - IPv4
* [FIX] add integration tests for dualstack
* generated data
* generated files
Co-authored-by: Antonio Ojea <aojea@redhat.com>
Kubernetes-commit: 6675eba3eff1c8e565c4060a9c1396f75da7cc3e
Empty key and non-empty effect means to match all keys and values and
the specified effect. However "kubectl describe" prints it without space
between effect and operator. This patch adds the space for this case.
Kubernetes-commit: 04185f4e533b9b8ebaabe1ed09516e85c5ed1ae1
NetworkPolicy egress-all `kubectl describe` output should refer
to the term "destination" as opposed to "source" for describing
policies which do not restrict traffic based on the destination.
Kubernetes-commit: e0caf0b46f061c3fafa10aef83592fe300f2bf52
This reuses the code for describing a PVC, except that the output gets
indented more and some fields are skipped.
Kubernetes-commit: c1178bd925b54898e66cace37d35bf551380a75b
Ingressv1 Get is attempted for Ingresses and IngressClasses
and falls back to Ingressv1beta1 if there is a failure.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 31520ccb9b9a96acc4721b69ae231a6cbb74a503
An empty key with operator Exists matches all keys, values
and effects which means this will tolerate everything:
tolerations:
- operator: "Exists"
as stated in https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/.
However, the current printTolerationsMultilineWithIndent implementation ignores
this case. As the toleration is valid, there's no reason
to skip it when writing the list of all pod's tolerations.
Kubernetes-commit: 0bd9a4c6c5ba4fbbc8439effddc99004ddd6b232
Harjas