This will allow components that don't need to watch headless services
(heavily used on ai/ml workloads) to filter them server side.
Specially useful for kubelet and kube-proxy
Co-authored-by: Jianbo Ma <sakuranlbj@gmail.com>
Change-Id: I6434d2c8c77aaf725ec5c07acbcda14311f24bfa
Change-Id: Iba9e25afb90712facfb3dee25c500bbe08ef38fc
This allows the state of restartable init containers to be transitioned
from terminated to non-terminated even for pods with RestartPolicyNever
or RestartPolicyOnFailure.
`NodeReachable`, `NodeLive`, `NodeSchedulable`, and `NodeRunnable` are mentioned
as "built-in set of conditions" but some of them do not exist in the current API.
Updated `pkgs/apis/core/types.go` too for consistency.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Inline the LoadBalancerSourceRanges parsing to make it more obvious
what it's requiring (and more importantly, *not* requiring), and
change it to use IsValidCIDR as well.
In preparation for rewriting LoadBalancerSourceRanges validation,
add/update the existing unit tests to cover some of the more exciting
edge cases of the existing validation code:
- The values in service.Spec.LoadBalancerSourceRanges are allowed to
have arbitrary whitespace around them.
- The annotation must be unset for non-LoadBalancer services, but
for LoadBalancer services, "set but empty" and "whitespace-only"
are treated the same as "unset".
- The annotation value is only validated if the field is not set.
Also fix some of the existing tests to be more precise about what they
are testing.
Also fix the CIDR values to actually be valid. Sigh.
Move apivalidation.ValidateCIDR to apimachinery, and rename it and
change its return value to match the other functions.
Also, add unit tests.
(Also, while updating NetworkPolicy validation for the API change, fix
a variable name that implied that IPBlock.Except[] is IP-valued rather
than CIDR-valued.)
This commit defines the ClusterTrustBundlePEM projected volume types.
These types have been renamed from the KEP (PEMTrustAnchors) in order to
leave open the possibility of a similar projection drawing from a
yet-to-exist namespaced-scoped TrustBundle object, which came up during
KEP discussion.
* Add the projection field to internal and v1 APIs.
* Add validation to ensure that usages of the project must specify a
name and path.
* Add TODO covering admission control to forbid mirror pods from using
the projection.
Part of KEP-3257.
Kubernetes Prow Robot
Tim Allclair
Antonio Ojea
HirazawaUi
Gaurav Ghildiyal
Tim Hockin
Wei Huang
Shiming Zhang
Kensei Nakada
Gunju Kim
Paco Xu
hunshcn
Akihiro Suda
Dan Winship
Kubernetes Prow Robot
zhangchao
Roman Bednar
Lubomir I. Ivanov
Kevin Hannon
Taahir Ahmed
Humble Chirammal
carlory