profile
viewpoint

joelsmith/alibaba-cloud-csi-driver 0

CSI Plugin for Kubernetes, Support Alibaba Cloud EBS/NAS/OSS/CPFS/LVM.

joelsmith/ansible 0

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.

joelsmith/api 0

The canonical location of the Kubernetes API definition.

joelsmith/apiextensions-apiserver 0

API server for API extensions like CustomResourceDefinitions

joelsmith/apiserver 0

Library for writing a Kubernetes-style API server.

joelsmith/apiserver-builder-alpha 0

apiserver-builder-alpha implements libraries and tools to quickly and easily build Kubernetes apiservers to support custom resource types based on APIServer Aggregation

joelsmith/asciidoctor-diagram 0

:left_right_arrow: Asciidoctor diagram extension, with support for AsciiToSVG, BlockDiag (BlockDiag, SeqDiag, ActDiag, NwDiag), Ditaa, Erd, GraphViz, Mermaid, Msc, PlantUML, Shaape, SvgBob, Syntrax, UMLet, Vega, Vega-Lite and WaveDrom.

joelsmith/autoscaler 0

Autoscaling components for Kubernetes

create barnchjoelsmith/ocp-build-data

branch : openshift-4.7

created branch time in 5 days

push eventjoelsmith/node-problem-detector

OpenShift Merge Robot

commit sha ac1a4850ea51261f29203e3cf12d666007dec926

Merge pull request #5 from joelsmith/master Get updates from upstream, add Dockerfile.openshift for Origin builds

view details

Clayton Coleman

commit sha 50557bf1a70a418e9188e0d2fb6fb7cf899c812f

Add a RHEL7 dockerfile and standarize format

view details

OpenShift Merge Robot

commit sha 19a915e68fc9b653e3408f30d5161698d787c88d

Merge pull request #6 from smarterclayton/rhel7 ADd a RHEL7 dockerfile and standardize format

view details

openshift-bot

commit sha 391a77487d2c8ef05264291d500b96f11a488803

Updating Dockerfile.openshift.rhel7 baseimages to mach ocp-build-data config This PR is autogenerated by the [ocp-build-data-enforcer][1]. It updates the baseimages in the Dockerfile used for promotion in order to ensure it matches the configuration in the [ocp-build-data repository][2] used for producing release artifacts. If you believe the content of this PR is incorrect, please contact the dptp team in #forum-testplatform. [1]: https://github.com/openshift/ci-tools/tree/master/cmd/ocp-build-data-enforcer [2]: https://github.com/openshift/ocp-build-data/tree/openshift-4.6-rhel-8/images

view details

OpenShift Merge Robot

commit sha 5b78c6c41b32b6802ffc2e0f274b21efa4684aff

Merge pull request #15 from openshift-bot/updating-dockerfile.openshift.rhel7-baseimages-to-mach-ocp-build-data-config Bug 1872080: Updating Dockerfile.openshift.rhel7 baseimages to mach ocp-build-data config

view details

openshift-bot

commit sha 3f97899a2704e020f5559a7ff0d99292aa6c38ab

Updating Dockerfile.openshift.rhel7 baseimages to mach ocp-build-data config This PR is autogenerated by the [ocp-build-data-enforcer][1]. It updates the base images in the Dockerfile used for promotion in order to ensure it matches the configuration in the [ocp-build-data repository][2] used for producing release artifacts. Instead of merging this PR you can also create an alternate PR that includes the changes found here. If you believe the content of this PR is incorrect, please contact the dptp team in #aos-art. [1]: https://github.com/openshift/ci-tools/tree/master/cmd/ocp-build-data-enforcer [2]: https://github.com/openshift/ocp-build-data/tree/openshift-4.6/images

view details

OpenShift Merge Robot

commit sha 088c4cb7e43357bd4b6343577c577c6f503fc766

Merge pull request #16 from openshift-bot/updating-dockerfile.openshift.rhel7-baseimages-to-mach-ocp-build-data-config Bug 1878163: Updating Dockerfile.openshift.rhel7 baseimages to mach ocp-build-data config

view details

joesmith

commit sha 6d47b1b13391b90d7a0feaf8f8a75d09c4bcb460

Add bugzilla component to OWNERS file

view details

push time in 5 days

pull request commentopenshift/vertical-pod-autoscaler-operator

Add bugzilla component to owners file

@rphillips PTAL

joelsmith

comment created time in 5 days

push eventjoelsmith/vertical-pod-autoscaler-operator

OpenShift Merge Robot

commit sha 834389acf1237657c6c42b4306fff4097ddd9975

Merge pull request #36 from joelsmith/master Bug 1884413: Update manifests to pass validation and allow direct upgrades

view details

Luke Meyer

commit sha 86fffe3240ac3554b0f654bc1513c6ea4592035f

manifests/art.yaml: CSV name is verticalpodautoscaler

view details

OpenShift Merge Robot

commit sha 91764a361c266102aac06ebd852f4e2c12462b69

Merge pull request #39 from sosiouxme/master bug 1886200: manifests/art.yaml: CSV name is verticalpodautoscaler

view details

Joel Smith

commit sha cbd55e0f24821ae5954131afa9b13a13223de9ea

Add bugzilla component to owners file

view details

push time in 5 days

issue commentcontainers/storage

Using mountopt metacopy=on results in build layers that include everything beneath

Yes, if I use nodev,metacopy=on running as root. To avoid it, I just avoid metacopy=on. I didn't notice your comments from Aug 3. Here's my podman info output:

host:
  BuildahVersion: 1.13.1
  CgroupVersion: v1
  Conmon:
    package: conmon-2.0.13-1.fc30.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.13, commit: 0d76d92618b091af3623e9d4a60889b32fe4bff6'
  Distribution:
    distribution: fedora
    version: "30"
  MemFree: 32708448256
  MemTotal: 66861326336
  OCIRuntime:
    name: runc
    package: runc-1.0.0-102.dev.gitdc9208a.fc30.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc10
      commit: ffa084d279c26351e6e63bd2c3f28d43fa1f6e57
      spec: 1.0.1-dev
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 8
  eventlogger: journald
  hostname: xanadu.remote.redhat.com
  kernel: 5.5.16-100.fc30.x86_64
  os: linux
  rootless: false
  uptime: 962h 27m 6.47s (Approximately 40.08 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 25
  GraphDriverName: overlay
  GraphOptions:
    overlay.mountopt: nodev
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 18
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes
joelsmith

comment created time in 17 days

pull request commentkubernetes/security

Add Taahir Ahmed as an associate member

/lgtm

cjcullen

comment created time in 18 days

push eventjoelsmith/vertical-pod-autoscaler-operator

Joel Smith

commit sha 87c50fdba2650dd15357d59e98e18972e700e0ca

Allow upgrades directly from 4.5.z to 4.6.z

view details

push time in 23 days

push eventjoelsmith/vertical-pod-autoscaler-operator

Yaakov Selkowitz

commit sha 5a608246ee4a20491ee97bf83e6a3f9a363712c0

Update version check for .p? suffix

view details

OpenShift Merge Robot

commit sha 54ed0e09464d59cd4b8ad23f08dbc8f31fdeea1a

Merge pull request #30 from yselkowitz/patch-1 Bug 1853072: Update version check for .p? suffix

view details

Luke Meyer

commit sha 5a0027154f3c462546960399df5fc4753366ca7d

manifests: change 4.5 to 4.6

view details

OpenShift Merge Robot

commit sha dd8b9a16e7f5be6915aedcf10ef966449977fe51

Merge pull request #32 from sosiouxme/20200721-manifests-4.6 manifests: change 4.5 to 4.6

view details

openshift-bot

commit sha 5ff2d9f4a06c4a2ae1de42c63560cd677ca924e8

Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config This PR is autogenerated by the [ocp-build-data-enforcer][1]. It updates the baseimages in the Dockerfile used for promotion in order to ensure it matches the configuration in the [ocp-build-data repository][2] used for producing release artifacts. If you believe the content of this PR is incorrect, please contact the dptp team in #forum-testplatform. [1]: https://github.com/openshift/ci-tools/tree/master/cmd/ocp-build-data-enforcer [2]: https://github.com/openshift/ocp-build-data/tree/openshift-4.6-rhel-8/images

view details

OpenShift Merge Robot

commit sha 4e484f4ca3e266318fa71c8929ccf2685e1ff2dd

Merge pull request #33 from openshift-bot/updating-dockerfile.rhel7-baseimages-to-mach-ocp-build-data-config Bug 1872080: Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config

view details

Yaakov Selkowitz

commit sha 9c1d04fbf92888182f39e1f1122854c437ad0256

Update image-references for RHEL 8

view details

OpenShift Merge Robot

commit sha c706a446cd8200702fefa1135cd5299fec49661a

Merge pull request #34 from multi-arch/master Bug 1872080: Update image-references for RHEL 8

view details

openshift-bot

commit sha 6e9e2d1e6d268442abf8cb52a379144c026bc53b

Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config This PR is autogenerated by the [ocp-build-data-enforcer][1]. It updates the base images in the Dockerfile used for promotion in order to ensure it matches the configuration in the [ocp-build-data repository][2] used for producing release artifacts. Instead of merging this PR you can also create an alternate PR that includes the changes found here. If you believe the content of this PR is incorrect, please contact the dptp team in #aos-art. [1]: https://github.com/openshift/ci-tools/tree/master/cmd/ocp-build-data-enforcer [2]: https://github.com/openshift/ocp-build-data/tree/openshift-4.6/images

view details

OpenShift Merge Robot

commit sha a62cd2f36bf045265ce5805299edd11d5a43f085

Merge pull request #35 from openshift-bot/updating-dockerfile.rhel7-baseimages-to-mach-ocp-build-data-config Bug 1878163: Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config

view details

Joel Smith

commit sha 6917f81cc7008742e7bb1730224849c15d293813

Make OLM example CR match served/stored API version

view details

push time in 23 days

pull request commentkubernetes/security

Add Tabitha Sable as an associate member

/lgtm

cji

comment created time in a month

pull request commentopenshift/vertical-pod-autoscaler-operator

Bug 1872080: Update image-references for RHEL 8

Thanks! /lgtm /approve

yselkowitz

comment created time in a month

pull request commentopenshift/cluster-monitoring-operator

Bug 1824996: Wait 15 minutes before alerting on KubeNodeUnreachable

@lilic now that https://github.com/kubernetes-monitoring/kubernetes-mixin/pull/491 has merged upstream, how do I get the change in this repo?

joelsmith

comment created time in 2 months

PR closed openshift/origin

Reviewers
Bug 1845772: [release-4.2] kubelet: block non-forwarded packets from crossing the localhost boundary approved bugzilla/invalid-bug bugzilla/severity-medium lgtm

This is a release-4.2 cherry-pick of https://github.com/openshift/origin/pull/25141

+16 -0

30 comments

1 changed file

joelsmith

pr closed time in 2 months

pull request commentopenshift/origin

Bug 1845772: [release-4.2] kubelet: block non-forwarded packets from crossing the localhost boundary

/close Sorry for reopening - only high/critical issues being fixed in 4.2.

joelsmith

comment created time in 2 months

PullRequestEvent

PR opened kubernetes-monitoring/kubernetes-mixin

Wait 15 minutes before alerting on KubeNodeUnreachable

This brings it inline with KubeNodeNotReady

This alert has a low signal-to-noise ratio for many of our customers. We have seen it fire during short periods of high IOPS which cause the kubelet to become unreachable. The kubelet recovers, but the customers are panicked by the alert. KubeNodeUnreachable and KubeNodeNotReady are similar in severity and in how they might be handled, so it seems reasonable to me that they have similar alerting times.

+1 -0

0 comment

1 changed file

pr created time in 2 months

push eventjoelsmith/kubernetes-mixin

Joel Smith

commit sha b976f4716ea62ed5ca11c9e76ea36b35c94fba16

Wait 15 minutes before alerting on KubeNodeUnreachable This brings it inline with KubeNodeNotReady

view details

push time in 2 months

fork joelsmith/kubernetes-mixin

A set of Grafana dashboards and Prometheus alerts for Kubernetes.

fork in 2 months

pull request commentkubernetes/community

Proposed charter for SIG Security

I plan to participate in sig-security but I would not like to be a chair.

JayBeale

comment created time in 2 months

pull request commentkubernetes/k8s.io

Update cji's email address.

/lgtm

cji

comment created time in 2 months

pull request commentkubernetes/security

Update Craig's (cji) email address

/lgtm /approve

cji

comment created time in 2 months

pull request commentkubernetes/community

Update my company affiliation

/lgtm

cji

comment created time in 2 months

pull request commentkubernetes/community

Update my company affiliation

/lgtm

cji

comment created time in 2 months

pull request commentopenshift/enhancements

vpa: Update enhancment to implemented

Thanks! /lgtm

russellb

comment created time in 2 months

pull request commentopenshift/node-problem-detector-operator

Update Dockerfile based on ocp-build-data in master

/lgtm /approve

petr-muller

comment created time in 2 months

pull request commentopenshift/origin

Bug 1857080: Include pod /etc/hosts in ephemeral storage calculation for eviction

/bugzilla refresh

joelsmith

comment created time in 2 months

pull request commentopenshift/origin

Bug 1857079: Include pod /etc/hosts in ephemeral storage calculation for eviction

/bugzilla refresh

joelsmith

comment created time in 2 months

pull request commentopenshift/origin

Bug 1857081: Include pod /etc/hosts in ephemeral storage calculation for eviction

/bugzilla refresh

joelsmith

comment created time in 2 months

PR closed openshift/origin

Reviewers
Bug 1845772: [release-4.2] kubelet: block non-forwarded packets from crossing the localhost boundary approved bugzilla/invalid-bug bugzilla/severity-medium lgtm

This is a release-4.2 cherry-pick of https://github.com/openshift/origin/pull/25141

+16 -0

23 comments

1 changed file

joelsmith

pr closed time in 2 months

pull request commentopenshift/origin

Bug 1857081: Include pod /etc/hosts in ephemeral storage calculation for eviction

/bugzilla refresh

joelsmith

comment created time in 2 months

pull request commentopenshift/release

Update which Dockerfile to use for Node Problem Detector CI

/cc @jupierce

joelsmith

comment created time in 2 months

PR opened openshift/release

Update which Dockerfile to use for Node Problem Detector CI

This brings the test inline with what ART expects

+3 -3

0 comment

3 changed files

pr created time in 2 months

push eventjoelsmith/release

OpenShift Merge Robot

commit sha e5f65f826ca9a6df99f1ec9223eb3f25a4bce6ac

Merge pull request #10298 from openshift-bot/auto-config-brancher Automate config brancher by auto-config-brancher job at Thu, 16 Jul 2020 18:01:56 UTC

view details

openshift-bot

commit sha ac332943302802e379027437c5301f4cb2464788

config-brancher --config-dir ./ci-operator/config --current-release 4.6 --future-release 4.7 --confirm

view details

openshift-bot

commit sha 12a78af375438486604f34756e6a8d2e09776b72

ci-operator-config-mirror --config-path ./ci-operator/config --to-org openshift-priv --only-org openshift --whitelist-file ./core-services/openshift-priv/_whitelist.yaml

view details

openshift-bot

commit sha a9608afcac1b266769664491e80b5bb27c8058d7

ci-operator-prowgen --from-dir ./ci-operator/config --to-dir ./ci-operator/jobs

view details

openshift-bot

commit sha 8ec1d7b0cc037d0e3ee599319a8311220e5c57e2

sanitize-prow-jobs --prow-jobs-dir ./ci-operator/jobs --config-path ./core-services/sanitize-prow-jobs/_config.yaml

view details

OpenShift Merge Robot

commit sha 8bc246e86b540d3076b3167f1bc455215de1a475

Merge pull request #10300 from openshift-bot/auto-config-brancher Automate config brancher by auto-config-brancher job at Thu, 16 Jul 2020 19:05:52 UTC

view details

OpenShift Merge Robot

commit sha 948eec6dc3eb6f44925283987b884242d967500a

Merge pull request #10157 from JacobTanenbaum/updateWindowsTest update the windows testing on ovn-kubernetes and cluster-network-operator

view details

OpenShift Merge Robot

commit sha b11e0c2efb1e2067d2d66525871a96c87b618194

Merge pull request #10167 from marun/cleanup-transition-hyperkube Cleanup origin test branch configuration

view details

openshift-bot

commit sha da6581f40eedc2f4378cbe2124b2e851723ec95c

config-brancher --config-dir ./ci-operator/config --current-release 4.6 --future-release 4.7 --confirm

view details

openshift-bot

commit sha 7169eef2fd3de3161fd1222d7829e7cfefa829dd

ci-operator-config-mirror --config-path ./ci-operator/config --to-org openshift-priv --only-org openshift --whitelist-file ./core-services/openshift-priv/_whitelist.yaml

view details

OpenShift Merge Robot

commit sha 03799768e5630ed5e04d9ad8efb4698714e26c54

Merge pull request #10301 from openshift-bot/auto-config-brancher Automate config brancher by auto-config-brancher job at Thu, 16 Jul 2020 20:02:00 UTC

view details

Ray Harris

commit sha ca91680bd7b7e7574a4198bc6719aacf0fdb86ee

remove PIPELINE_MANIFEST_COMPONENT_TAG override Pipeline integration is ready to use a normal component tag.

view details

Ray Harris

commit sha 1423c441787a72a435e62aed921a588b574e822f

add PIPELINE_MANIFEST_REMOTE_REPO override

view details

Maru Newby

commit sha f42ba43105b7985b8f238b1e8f8dc3ad308b69d8

Remove unused artifacts resource configuration from origin:master

view details

Maru Newby

commit sha 82033a2e82ba40c882dea463696142288b218e4c

Move artifacts job from master branch of origin to openshift/kubernetes

view details

OpenShift Merge Robot

commit sha d0dd480625f6a9c070ffc58b208740e7cd11ed51

Merge pull request #10299 from marun/fix-origin Move artifacts job from master branch of origin to openshift/kubernetes

view details

openshift-bot

commit sha 0745e5488570f0e6753153b5ad76a1eeabdf3b8f

config-brancher --config-dir ./ci-operator/config --current-release 4.6 --future-release 4.7 --confirm

view details

openshift-bot

commit sha 9c8ffcb74ff0027c97b8558fb2b868c697d684e5

ci-operator-config-mirror --config-path ./ci-operator/config --to-org openshift-priv --only-org openshift --whitelist-file ./core-services/openshift-priv/_whitelist.yaml

view details

OpenShift Merge Robot

commit sha 7dadb2816693ce8797b5c674d8254d07f9435420

Merge pull request #10204 from droslean/missing-stuff Add missing openshift-priv configuration in app.ci

view details

OpenShift Merge Robot

commit sha 85c07984ae50b3304fd5afb4e613b1d6c9cbf623

Merge pull request #10306 from openshift-bot/auto-config-brancher Automate config brancher by auto-config-brancher job at Thu, 16 Jul 2020 22:03:26 UTC

view details

push time in 2 months

pull request commentopenshift/node-problem-detector-operator

Update Dockerfile based on ocp-build-data

/hold cancel

alvaroaleman

comment created time in 3 months

pull request commentopenshift/node-problem-detector-operator

Update Dockerfile based on ocp-build-data

/lgtm /approve

alvaroaleman

comment created time in 3 months

pull request commentkubernetes/kubernetes

Move/update SECURITY.md to root, add to staging repos

@nikhita at a minimum I would prefer to have the file in the root of k/k for visibility. I don't think that the GH security policy link is well known yet, so I'm afraid people won't know to look for it. We get enough people improperly reporting security issues as it is. I don't feel very strongly either way for the staging repos. Perhaps @tallclair could chime in too.

joelsmith

comment created time in 3 months

issue commentkubernetes/org

Create .github repo in all kubernetes GitHub orgs

Regarding SECURITY_CONTACTS, that files is specific to our project. GitHub only looks in the .github repo for the specific Community Health files that it cares about. So SECURITY_CONTACTS would just be for the new .github repos, and wouldn't affect other repos in the orgs.

That being said, we're likely to deprecate SECURITY_CONTACTS soon in favor of a separate section in the OWNERS files.

/lgtm

nikhita

comment created time in 3 months

pull request commentkubernetes/kubernetes

Move/update SECURITY.md to root, add to staging repos

I have updated the PR to update /.github/SECURITY.md and move it to /SECURITY.md.

joelsmith

comment created time in 3 months

push eventjoelsmith/kubernetes

wfender

commit sha 22dafd9406f2acf375c65ed9dc636943e06a3929

Adding cheftako to pkg/controller/OWNERS

view details

Stefan Bueringer

commit sha 06e878081853ea0e6257e8966edf766c506f5bb0

conformance-tests: make orpan RS created by deployment test more resilient

view details

Stephen Heywood

commit sha 44cd9d3cfe74ceb5f61c0129957637ebf9dfb507

Promote delete collection pods e2e test to conformance

view details

Stephen Heywood

commit sha 86ba88d52ffabe24581c062fd61463bcb697a3ae

Promote: Discovery PreferredVersion test

view details

Antonio Ojea

commit sha 4bbf2c4a3e6789f7dbe457904b46e4a24bf75b32

e2e dns test autodetect the IP family instead of using tag to discriminate the e2e test, we can use the e2e framework IPFamily method.

view details

yue9944882

commit sha 40e3feb7f1b7f54a512785af7e28810c0874ac63

removes empty columns and fixes request details

view details

Jun Gong

commit sha 454f9acc242e0a0818acccf4acd1fa579ff70c83

Remove unuseful error message about updating pod conditions not owned by kubelet

view details

Seth Jennings

commit sha 78bdf89e50d1863fe5f412509a5c38da7a8554c6

e2e: examples: fix test image reference

view details

Dan Williams

commit sha 31c563a46f7f692378dd5dfdda16fb0d97c4aa46

agnhost/netexec: logging cleanup and print more verbose errors There's currently no way to know whether an error is for SCTP or UDP, for example: Jul 24 09:55:54.469: INFO: netserver-0[e2e-nettest-3476].container[webserver].log 2020/07/24 09:53:52 Started UDP server 2020/07/24 09:53:52 Error occurred. error:protocol not supported In this case the "Error occurred. error:protocol not supported" is actually for the SCTP socket. Make that more apparent.

view details

Caleb Woodbine

commit sha e311df70e14c0097f40b5ef8863ac60814e0a935

Promote Endpoint resource lifecycle test

view details

knight42

commit sha a3b772b44222ae3c3dbbd64fa9bc908efcd63979

test: deflake TestRecycleSlices test Signed-off-by: knight42 <anonymousknight96@gmail.com>

view details

Seth Jennings

commit sha a4f043a9806b7108dcde34e8c711aec78e2daa3c

kubelet: eviction: remove noise from TestGetReclaimableThreshold test output

view details

Stephen Heywood

commit sha 1077a9e862e93af3b1b4dbfbb404bed366b64855

Add missing release metadata for e2e tests

view details

Kubernetes Prow Robot

commit sha 575c4925be8c39bfdef1dd407cb6515a54a2c131

Merge pull request #93464 from knight42/fix/flaky-ep-test test: deflake TestRecycleSlices test

view details

Wei Huang

commit sha 8936f9e4bf40fd48cba14e6b1da9756b706fe4c7

Fix integration test flake on TestScorePlugin

view details

Rob Scott

commit sha 6051a16edd014b824ef0a0e3ae0370c34e45a990

Improving logging in EndpointSlice e2e tests When these tests failed it was unclear that the reason for the failure could have been more EndpointSlices than expected. It was also unclear what EndpointSlices were actually found when that occurred. This fixes both of those issues.

view details

Rob Scott

commit sha eb196be1399f1b8e0205e48f37b51d56c282d720

Increasing allowed delay for EndpointSlice mirroring integration tests. The shorter 5s delay had become a source of flakes.

view details

Kubernetes Prow Robot

commit sha e79e352d36258abc5e5659289ec0fb13634bcbe7

Merge pull request #93493 from Huang-Wei/flake-score Fix integration test flake on TestScorePlugin

view details

Kubernetes Prow Robot

commit sha 8d74486a6a1a8fb2246bd89faf1746393135a463

Merge pull request #93497 from robscott/endpointslicemirroring-integration-fix Increasing allowed delay for EndpointSlice mirroring integration tests

view details

Wei Huang

commit sha 862fdaaf793c6c91bdf75d01b7940933aabbd74e

Fix an integration test flake on NodeAfffinity ScorePlugin

view details

push time in 3 months

pull request commentkubernetes/website

Add "latest" version of API docs to provide more durable link targets

Sorry that I haven't gotten back to this, it's been a busy month. I think either approach (copied content vs. redirect) provides what I'm hoping for. I agree that it doesn't make sense for the snapshots to have a latest; that's something I didn't think much about.

I prefer transparent redirect to 307, but I can see the case for both. I'd like to be able to browse the "latest" version, then copy the URL without having to edit it. With the 307, I have to edit every URL I copy. So, yes, much more intentional that way.

Thanks, all, for looking into this for me.

joelsmith

comment created time in 3 months

PR closed openshift/origin

Reviewers
Bug 1857082: Include pod /etc/hosts in ephemeral storage calculation for eviction approved bugzilla/severity-medium bugzilla/valid-bug do-not-merge/hold vendor-update

Backport of https://github.com/kubernetes/kubernetes/issues/93032

+23 -4

35 comments

5 changed files

joelsmith

pr closed time in 3 months

pull request commentopenshift/origin

Bug 1857082: Include pod /etc/hosts in ephemeral storage calculation for eviction

This appeared in the recent rebase #25314. Closing.

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

PR opened openshift/cluster-monitoring-operator

Bug 1824996: Wait 15 minutes before alerting on KubeNodeUnreachable

This brings it inline with KubeNodeNotReady

  • Wait 15 minutes before alerting on KubeNodeUnreachable
  • (X) I added CHANGELOG entry for this change.
  • ( ) No user facing changes, so no entry in CHANGELOG was needed.
+1 -1

0 comment

1 changed file

pr created time in 3 months

push eventjoelsmith/cluster-monitoring-operator

Joel Smith

commit sha b2cb06fdb0ee0b5d0ceaee01b86ee127eee24f51

Wait 15 minutes before alerting on KubeNodeUnreachable This brings it inline with KubeNodeNotReady

view details

push time in 3 months

pull request commentkubernetes/kubernetes

jsonpath: disallow multiple immediate recursive descent

/retest

joelsmith

comment created time in 3 months

issue commentcontainers/storage

Using mountopt metacopy=on results in build layers that include everything beneath

I don't know why it works for you and doesn't work for me. I'm using btrfs, so maybe that has something to do with it. I tested 3 configs, and for me it was only broken when running as root with metacopy=on.

run as \ mount opts nodev,metacopy=on nodev
root: broken works
non-root: works untested
  1. Running this as a normal user, with metacopy=on. Works as expected:
$ grep ^mountopt /etc/containers/storage.conf 
mountopt = "nodev,metacopy=on"

$ cat Dockerfile
FROM gcr.io/google-containers/busybox
RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20

$ buildah bud -t layertest .
STEP 1: FROM gcr.io/google-containers/busybox
STEP 2: RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20
20+0 records in
20+0 records out
STEP 3: COMMIT layertest
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob d85c9040b0fd done
Copying config 30221dd371 done
Writing manifest to image destination
Storing signatures
30221dd37163182f25d5b268a368a9ac4677214d16fa81dca023975e8afb785d
30221dd37163182f25d5b268a368a9ac4677214d16fa81dca023975e8afb785d

$ podman image tree layertest
Image ID: 30221dd37163
Tags:    [localhost/layertest:latest]
Size:    22.65MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
└──  ID: cb5a1726463b Size:    20MB Top Layer of: [localhost/layertest:latest]

$ cat Dockerfile2 
FROM layertest
RUN touch /touchfile

$ buildah bud -f Dockerfile2 -t layertest2 .
STEP 1: FROM layertest
STEP 2: RUN touch /touchfile
STEP 3: COMMIT layertest2
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob d85c9040b0fd skipped: already exists
Copying blob 91b2609df3c1 done
Copying config b84d06b6cc done
Writing manifest to image destination
Storing signatures
b84d06b6ccbabb440e9f5a09c5ca5fa5f4b53f8d92781dab60bbe73b93615005
b84d06b6ccbabb440e9f5a09c5ca5fa5f4b53f8d92781dab60bbe73b93615005

$ podman image tree layertest2
Image ID: b84d06b6ccba
Tags:    [localhost/layertest2:latest]
Size:    22.66MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
├──  ID: cb5a1726463b Size:    20MB Top Layer of: [localhost/layertest:latest]
└──  ID: d3368b08fb42 Size: 1.536kB Top Layer of: [localhost/layertest2:latest]
  1. Running this as root, with metacopy=on. Broken -- two layers with 20 MB:
$ grep ^mountopt /etc/containers/storage.conf 
mountopt = "nodev,metacopy=on"

$ cat Dockerfile
FROM gcr.io/google-containers/busybox
RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20

$ sudo buildah bud -t layertest .
STEP 1: FROM gcr.io/google-containers/busybox
STEP 2: RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20
20+0 records in
20+0 records out
STEP 3: COMMIT layertest
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob de416675a612 done
Copying config 20b991298d done
Writing manifest to image destination
Storing signatures
20b991298d6a5fa88c43c2f305ecc452947384ecf87482d353d5a2904ee610b2
20b991298d6a5fa88c43c2f305ecc452947384ecf87482d353d5a2904ee610b2

$ sudo podman image tree layertest
Image ID: 20b991298d6a
Tags:    [localhost/layertest:latest]
Size:    22.65MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
└──  ID: 53cb182a02fd Size:    20MB Top Layer of: [localhost/layertest:latest]

$ cat Dockerfile2 
FROM layertest
RUN touch /touchfile

$ sudo buildah bud -f Dockerfile2 -t layertest2 .
STEP 1: FROM layertest
STEP 2: RUN touch /touchfile
STEP 3: COMMIT layertest2
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob de416675a612 skipped: already exists
Copying blob 198c444e6085 done
Copying config a29677b8fe done
Writing manifest to image destination
Storing signatures
a29677b8fe600e13404f31622d8228aae4266fd05741ed31e14eac3c6b029a4f
a29677b8fe600e13404f31622d8228aae4266fd05741ed31e14eac3c6b029a4f

$ sudo podman image tree layertest2
Image ID: a29677b8fe60
Tags:    [localhost/layertest2:latest]
Size:    42.66MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
├──  ID: 53cb182a02fd Size:    20MB Top Layer of: [localhost/layertest:latest]
└──  ID: f16ef1ab634f Size:    20MB Top Layer of: [localhost/layertest2:latest]
  1. Running this as root, without metacopy=on. Works as expected:
$ grep ^mountopt /etc/containers/storage.conf 
mountopt = "nodev"

$ cat Dockerfile
FROM gcr.io/google-containers/busybox
RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20

$ sudo buildah bud -t layertest .
STEP 1: FROM gcr.io/google-containers/busybox
STEP 2: RUN dd if=/dev/zero of=/bigempty bs=1000000 count=20
20+0 records in
20+0 records out
STEP 3: COMMIT layertest
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 140f20ed64be done
Copying config b2f693eac3 done
Writing manifest to image destination
Storing signatures
b2f693eac367a8adb39737c17fd04c75dea23b51afcffa8ed17a5dc70d10baa6
b2f693eac367a8adb39737c17fd04c75dea23b51afcffa8ed17a5dc70d10baa6

$ sudo podman image tree layertest
Image ID: b2f693eac367
Tags:    [localhost/layertest:latest]
Size:    22.65MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
└──  ID: 7ad04eef10f2 Size:    20MB Top Layer of: [localhost/layertest:latest]

$ cat Dockerfile2 
FROM layertest
RUN touch /touchfile

$ sudo buildah bud -f Dockerfile2 -t layertest2 .
STEP 1: FROM layertest
STEP 2: RUN touch /touchfile
STEP 3: COMMIT layertest2
Getting image source signatures
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 44c2569c4504 skipped: already exists
Copying blob 5f70bf18a086 skipped: already exists
Copying blob 140f20ed64be skipped: already exists
Copying blob bea99bd119e9 done
Copying config 134a1fb08c done
Writing manifest to image destination
Storing signatures
134a1fb08c192c6d4d6d9c36c7eb5bb1264ac6d06a6afae229af05fc80da7d38
134a1fb08c192c6d4d6d9c36c7eb5bb1264ac6d06a6afae229af05fc80da7d38

$ sudo podman image tree layertest2
Image ID: 134a1fb08c19
Tags:    [localhost/layertest2:latest]
Size:    22.66MB
Image Layers
├──  ID: 5f70bf18a086 Size: 1.024kB
├──  ID: 9b8ee3b34fd5 Size: 1.024kB
├──  ID: b110bf48c2ff Size: 2.644MB
├──  ID: 42a413a59099 Size: 1.024kB Top Layer of: [gcr.io/google-containers/busybox:latest]
├──  ID: 7ad04eef10f2 Size:    20MB Top Layer of: [localhost/layertest:latest]
└──  ID: 21f5446badca Size: 1.536kB Top Layer of: [localhost/layertest2:latest]
joelsmith

comment created time in 3 months

issue openedkubernetes/cloud-provider-vsphere

Private keys committed to repo without accompanying readme

/kind bug

What happened:

The Kubernetes Product Security Committee received reports of encryption keys being posted to Git Hub due to:

https://github.com/kubernetes/cloud-provider-vsphere/blob/dd04229da5faab670bcb27abe18f26cafa81596b/pkg/common/vclib/fixtures/ca.key https://github.com/kubernetes/cloud-provider-vsphere/blob/dd04229da5faab670bcb27abe18f26cafa81596b/pkg/common/vclib/fixtures/server.key

What you expected to happen:

As described in our Hacker One bug bounty policy page, any dummy test-only keys should have an accompanying readme to let everyone know what the keys are used for and that they are not sensitive:

We have some dummy credentials in test data. Such values should typically have a comment indicating that they are not sensitive. When reporting leaked credentials, please check to ensure it's not just test data.

Anything else we need to know?:

If possible, it would be preferable to have the test generate any dummy keys on each run of the test to remove any doubts about the security implication of keys committed to the repo.

created time in 3 months

Pull request review commentkubernetes/kubernetes

jsonpath: allow a maximum of 2 periods (..) when parsing

 func (p *Parser) parseRecursive(cur *ListNode) error { 	cur.append(newRecursive()) 	if r := p.peek(); isAlphaNumeric(r) { 		return p.parseField(cur)+	} else if r == '.' {+		// one or more periods following the recursive descent operator .. is invalid

Yes, that worked (with a slight modification). I have updated the unit tests accordingly.

joelsmith

comment created time in 3 months

push eventjoelsmith/kubernetes

knight42

commit sha 1b9f11c9a9524eddd3ffa3ece7c70d7da3ea4780

fix(e2e): access nodes via test container in LB network tests Signed-off-by: knight42 <anonymousknight96@gmail.com>

view details

RainbowMango

commit sha 23613a90aa0e096a5e6e45ae19e403bde1485054

remove etcd deprecated parameters

view details

wfender

commit sha 22dafd9406f2acf375c65ed9dc636943e06a3929

Adding cheftako to pkg/controller/OWNERS

view details

Stephen Heywood

commit sha 44cd9d3cfe74ceb5f61c0129957637ebf9dfb507

Promote delete collection pods e2e test to conformance

view details

Stephen Augustus

commit sha 90c223fa5cf0afa1144fbe35e50e212e0c6c9c7b

[VDF] Remove references to us.gcr.io/k8s-artifacts-prod Signed-off-by: Stephen Augustus <saugustus@vmware.com>

view details

Stephen Augustus

commit sha 99dd7570eb59a4ff040a7656c9d2b879f47acc59

[VDF] Remove references to gcr.io/google-containers Signed-off-by: Stephen Augustus <saugustus@vmware.com>

view details

Jordan Liggitt

commit sha 6ef0fa6244342596829b01b0afdb47d1df48d458

Delete pod collection immediately

view details

yue9944882

commit sha 40e3feb7f1b7f54a512785af7e28810c0874ac63

removes empty columns and fixes request details

view details

Jordan Liggitt

commit sha acce8871d67c7dfa400b1b8d3252589c1830745d

Add subjectAltName to test serving certificates

view details

Jordan Liggitt

commit sha 22c923674165445b90b1cb525a7287ccd038c6be

Allow integration test servers extra time to start

view details

Jordan Liggitt

commit sha bf6f87c637b9ebbfdd8ddbcc9b548c4ba22bc02d

Revert "Merge pull request 90942 from ii/ii-create-pod%2Bpodstatus-resource-lifecycle-test"

view details

Jordan Liggitt

commit sha 3fa8b15636d50c40eaaab6b6f1d5482695f2db75

Revert "Merge pull request 92589 from ii/create-deployment-resource-lifecycle-test"

view details

Maël Kimmerlin

commit sha c2ec8bedbcc9a675d0c4c0317e8be559bc5e3f63

Fix scheduler issue with nodetree additions When nodes are added in multiple zones at once, the nodeTree next function does not return a correct list of nodes but repeats some This commit resets the index before starting to call next() to prevent this issue Special thanks to igraecao for the help in finding the bug Co-authored-by: igraecao <matvej.yolli@outlook.com>

view details

Nikhita Raghunath

commit sha c00dae060731f6286ee3743db24782f09c33945a

Revert "Merge pull request #93156 from logicalhan/triage-api-machinery" This reverts commit 32438cf26938091bea56e7ca7c3fcf4215652f9c, reversing changes made to bb6a6aa3915cc9f7efaaf2291f6adac8333fd33c.

view details

Kubernetes Prow Robot

commit sha 55476fb8723be7eef19e0db3a5a084aded3178eb

Merge pull request #93373 from liggitt/deflake-pod-collection Delete pod collection immediately

view details

Kubernetes Prow Robot

commit sha 607c5daabd4204fcebe90f983ba06edfcc6fc4e5

Merge pull request #93405 from liggitt/revert-pod-lifecycle-flake Revert "Merge pull request #90942 from ii/ii-create-pod%2Bpodstatus-resource-lifecycle-test"

view details

Nikhita Raghunath

commit sha 3a74f461a2b5e74e95734b8930ae3a39cdb88cee

Revert "Merge pull request #93160 from logicalhan/triage-instrumentation" This reverts commit 1ed2cf189571bf0264822adf0cfe88007a30e934, reversing changes made to 04ecdb9eb60588539c571f9ea343aa7049f29ff2.

view details

Jordan Liggitt

commit sha 4c203fd96e97d84d2755a8dec230c3c0ffc55d39

Mark default ingressclass tests serial, do not set default ingressclass in conformance

view details

Seth Jennings

commit sha 78bdf89e50d1863fe5f412509a5c38da7a8554c6

e2e: examples: fix test image reference

view details

Kubernetes Prow Robot

commit sha b826d394af56d1bc77aebee356ec1622ea450fbe

Merge pull request #93398 from liggitt/apiserver-integration-startup Allow integration test servers extra time to start

view details

push time in 3 months

pull request commentkubernetes/kubernetes-template-project

Add SECURITY.md security policy

There are a lot of kubernetes-sigs repos. I wonder if instead of opening a PR against each with the added file, what if we create a kubernetes-sig/.github repo? Apparently, if you create a repo named .github in your org, you can put an org-wide default SECURITY.md (along with other similar policy docs). Then individual sigs can override it as needed, and we don't have to make sure that new repos there get the file added.

According to [the docs)[https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository]:

You can create a default security policy for your organization or user account. For more information, see "Creating a default community health file."

The linked doc says:

You can add default community health files to the root of a public repository called .github that is owned by an organization or user account. GitHub will use and display default files for any public repository owned by the account that does not have its own file of that type in any of the following places:

  • the root of the repository
  • the .github folder
  • the docs folder
tallclair

comment created time in 3 months

created repositoryjoelsmith/.github

created time in 3 months

fork joelsmith/alibaba-cloud-csi-driver

CSI Plugin for Kubernetes, Support Alibaba Cloud EBS/NAS/OSS/CPFS/LVM.

fork in 3 months

Pull request review commentkubernetes/kubernetes

jsonpath: allow a maximum of 2 periods (..) when parsing

 func (p *Parser) parseRecursive(cur *ListNode) error { 	cur.append(newRecursive()) 	if r := p.peek(); isAlphaNumeric(r) { 		return p.parseField(cur)+	} else if r == '.' {+		// one or more periods following the recursive descent operator .. is invalid

I suppose one period following .. could be considered valid, even if it has no effect. I have an alternate version of the code which ignores any periods immediately following .. I think one could argue that is a valid interpretation of what a jsonpath author intended if their expression includes more than 2 periods.

 // parseRecursive scans the recursive desent operator ..

 func (p *Parser) parseRecursive(cur *ListNode) error {
        p.pos += len("..")
        p.consumeText()
        cur.append(newRecursive())
+       // swallow any periods immediately following the recursive descent operator
+       for r := p.peek(); r == '.'; r = p.peek() {
+               p.pos += len(".")
+               p.consumeText()
+       }
        if r := p.peek(); isAlphaNumeric(r) {
                return p.parseField(cur)
        }
        return p.parseInsideAction(cur)
 }

I'm happy to post that version instead if it seems like more appropriate behavior.

joelsmith

comment created time in 3 months

delete branch joelsmith/cvelist

delete branch : cve-2020-8553

delete time in 3 months

PR closed joelsmith/cvelist

Publish details for CVE-2020-8553

Still awaiting details from reporter for credit

+78 -7

1 comment

1 changed file

joelsmith

pr closed time in 3 months

PR opened CVEProject/cvelist

Reviewers
Publish details for CVE-2020-8553
+84 -7

0 comment

1 changed file

pr created time in 3 months

push eventjoelsmith/cvelist

santosomar

commit sha f12642a237488f9168f3dfb5293fb3e2ee7c0a23

Adding Cisco CVE-2020-3452

view details

CVE Team

commit sha 635a71b836615e174c9083132596af72fde5040a

Auto-merge PR#4387 Auto-merge PR#4387

view details

CVE Team

commit sha 4b269f71920250fa2d56e29affe75f17b05a57a3

"-Synchronized-Data."

view details

CVE Team

commit sha c4171656c3ead7f62bbc9f13482f4b4f322cba29

"-Synchronized-Data."

view details

Scott Moore

commit sha 770b318b33c73d7b96683fa67f607f48be7dbd13

Merge pull request #300 from CVEProject/master XFA Rebase

view details

Scott Moore - IBM

commit sha 1459aac81bc67ff3de4c0756d92f221f07659500

IBM20200722-162355 Added CVE-2020-4397, CVE-2020-4371, CVE-2020-4369, CVE-2020-4400, CVE-2020-4399, CVE-2020-4372, CVE-2020-4385

view details

CVE Team

commit sha 4e384c7905b01f14f8c67f914d4f0cc78111e9dd

Auto-merge PR#4388 Auto-merge PR#4388

view details

CVE Team

commit sha 1c2de37be348cfc5ec9701067f2c3a493ceef13b

"-Synchronized-Data."

view details

CVE Team

commit sha ea5df5f6e0df8ad5cd4e6b0d46ecaae6b6aec237

"-Synchronized-Data."

view details

zdi-team

commit sha 8079f034af9162ffc9b4ff38e21c1041bc3a109a

ZDI assigns the following CVEs: 2020/10xxx/CVE-2020-10917.json

view details

CVE Team

commit sha 0d5892a6233da6ede1e2a36e4a428526ee365f3d

Auto-merge PR#4389 Auto-merge PR#4389

view details

CVE Team

commit sha 57e16f7603cc9a8391634ca94b701cb17d023213

"-Synchronized-Data."

view details

Robert Schultheis

commit sha 9dac9ebf2b1fbab0182726a9a9d7216c824e45e8

add CVE-2020-15126 for GHSA-236h-rqv8-8q73

view details

CVE Team

commit sha 4165f630a8c490b0ae4513b8394340cd80f5cf7c

Auto-merge PR#4390 Auto-merge PR#4390

view details

Anton Black

commit sha 68d12d5702bcbdb8f797fc9c21b2839e1d292c49

Registering a URL reference for an issue in Jira Server.

view details

zdi-team

commit sha ce22ac60836657faf67a35809488b2a6d934ece2

ZDI assigns the following CVEs: M 2020/10xxx/CVE-2020-10923.json M 2020/10xxx/CVE-2020-10924.json M 2020/10xxx/CVE-2020-10925.json M 2020/10xxx/CVE-2020-10926.json M 2020/10xxx/CVE-2020-10927.json M 2020/10xxx/CVE-2020-10928.json M 2020/10xxx/CVE-2020-10929.json M 2020/10xxx/CVE-2020-10930.json M 2020/15xxx/CVE-2020-15416.json M 2020/15xxx/CVE-2020-15417.json

view details

Tim Allclair

commit sha 44694f81a2e84cb37c7d6268acd39d5ca7846ddc

Publish CVE-2019-11252

view details

Tim Allclair

commit sha c9344ff5e1301dddc737d5f4605aebf639b75079

Correct affected versions for cve-2020-8559

view details

Joel Smith

commit sha b106b00ef320ec8e20864db78e81363fd61a0ad6

Publish details for CVE-2020-8557

view details

CVE Team

commit sha 46e7352a58b8b8706da8c926c3fbe20298209456

"-Synchronized-Data."

view details

push time in 3 months

PR opened kubernetes/k8s.io

Add new associate PSC members to the distributors-announce group

We have recently added two new associate members of the PSC who should be subscribed to the distributors-announce list

See https://github.com/kubernetes/security/pull/104 and https://github.com/kubernetes/security/pull/85

+2 -0

0 comment

1 changed file

pr created time in 3 months

push eventjoelsmith/k8s.io

Linus Arver

commit sha 36cdfe3eb3af4b3c3438a4ebe76969bd59e52d38

docs: update VDF status

view details

Kubernetes Prow Robot

commit sha c537e4519ba9bbc4d2f063cc5086bc3e541cd854

Merge pull request #1066 from joelsmith/master Add repo SECURITY.md

view details

Kubernetes Prow Robot

commit sha 6ee1210c382867c4c32589cf1efe9d4e076d83ad

Merge pull request #1065 from listx/master docs: update VDF status

view details

Antoni Zawodny

commit sha 5bbae3723c2bbf0b782fd449f622b4ed9abb8a73

Add tosi3k to k8s-infra-prow-viewers@kubernetes.io group Follow-up on https://github.com/kubernetes/test-infra/pull/18471#discussion_r461049446. This is to have more insight if some resource limits decrease for scalability test jobs could be possible. /cc spiffxp

view details

Kubernetes Prow Robot

commit sha c9bdf1f9722f2644f9ee4fbcbcd3881581499eb7

Merge pull request #1067 from tosi3k/patch-2 Add tosi3k to k8s-infra-prow-viewers@kubernetes.io group

view details

hasheddan

commit sha 6525411de58211c33a9aee5077d51b3517f9b29c

Add hasheddan to k8s-infra-prow-viewers Requesting view access to help address CI Signal issues in a more timely manner. Signed-off-by: hasheddan <georgedanielmangum@gmail.com>

view details

Kubernetes Prow Robot

commit sha e774c20ca2590dd71c4f19095986ab63f88488ad

Merge pull request #1068 from hasheddan/hasheddan-prow-viewer Add hasheddan to k8s-infra-prow-viewers

view details

Yodahe Alemu

commit sha d2c5e910ce3cd61d135feecfcc999c506c4e9645

add an image of cip that contains fix for vuln check

view details

Kubernetes Prow Robot

commit sha 6af54df72483452ccf4a19b6dcdf807d269a6bc6

Merge pull request #1069 from yodahekinsew/bump-promoter-vuln-check-update bump promoter image with vuln check fix

view details

Joel Smith

commit sha ea059a45c99b1f825e47ca9b2794efb3bab2b078

Add new associate PSC members to the distributors-announce group

view details

push time in 3 months

pull request commentkubernetes/security

Add Alex Tcherniakhovski as an associate member

/hold cancel

Welcome, @immutableT!

tallclair

comment created time in 3 months

pull request commentkubernetes/kubernetes

Add repo SECURITY.md

I wasn't aware that the SECURITY.md file could also live in .github/. So I suppose that the choice comes down to whether to put it in the root for increased visibility or to put it in .github to avoid adding things to the root dir. I see that in #79050 they decided to avoid clutter. I think that my preference is for increased visibility. I suspect that most GitHub users are unaware that that there is a repo "Security" tab at the top of the website. I had no idea to look there until we started talking about adding the policies across all the repos.

/cc @tallclair

joelsmith

comment created time in 3 months

PR opened kubernetes/security

Add repo SECURITY.md

See https://github.com/kubernetes/security/issues/105

+22 -0

0 comment

1 changed file

pr created time in 3 months

push eventjoelsmith/security

Kubernetes Prow Robot

commit sha d810493e4ec5956a001688ef8288b4118db59eb6

Merge pull request #106 from joelsmith/master PSC On-call should review new k/security PRs and issues

view details

Joel Smith

commit sha 9c409868340dac793ee2ac7578dc3e93bb7d084b

Add SECURITY.md

view details

push time in 3 months

pull request commentkubernetes/kubernetes

Add repo SECURITY.md

/retest

joelsmith

comment created time in 3 months

push eventjoelsmith/kops

Kubernetes Prow Robot

commit sha 94f8a54d0e250b36d15a7492327938e2d3529e1b

Merge pull request #8972 from geojaz/gce/update_sdk Migrates GCE sdk from v0.beta to v1

view details

Kubernetes Prow Robot

commit sha 73a93f7d44a766cee4e5751961525405a465fde2

Merge pull request #8961 from hakman/calico-v3.13.3 Update Calico and Canal to latest patch versions

view details

mosheshitrit

commit sha 947c2221882f53f5b88901c9123256e91bd7b633

Update alpha and stable channels with April updates

view details

Ciprian Hacman

commit sha e1b95fd0dafc05591e31a8c27b052b628f9deaea

Default to Debian 9 (Stretch) for Kubernetes 1.8, 1.9 and 1.10

view details

Ciprian Hacman

commit sha 95ab317c8ae7edd6e9a37eef0854cb2e0ba1105f

Don't install static utils for Flatcar

view details

Michal Schott

commit sha 367f8856e33d70cdf60beb02480aa58d95a63bbe

Update docs/cluster_spec.md Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com>

view details

Michal Schott

commit sha 91ac57acb1cda19fcc9ce335a19c6441094f5f05

Make crds.

view details

Kubernetes Prow Robot

commit sha b0ed73789901d2fb97e11a9b58314e1a485d6839

Merge pull request #8974 from MoShitrit/update-channels Update alpha and stable channels with April updates

view details

Ole Markus With

commit sha 33eea2639f839c7ccdfdce8b6dda0f70a4410fa3

Test for ability to switch from single to multi-master

view details

Ole Markus With

commit sha 158c785c71d3fbab759f3e983195bd7e661e4d92

Fix single to multi-master migration * Make it possible to add additional etcd members * Update the documentation

view details

Ole Markus With

commit sha 3e3b2019dc4892ca56144f1f1175d18b19829955

Bump cilium to 1.7.2

view details

Ole Markus With

commit sha 23b954a95a61245c169a49d9119230cf2f677464

Make gofmt and update-header

view details

John Gardiner Myers

commit sha 7e934440e5f4f4c4a0e3bfe896d3df461fe07be0

Remove support for the legacy etcd provider as of k8s 1.18

view details

John Gardiner Myers

commit sha 3f66e092e560294a2d198a1ddfdbd2a8b0d43cfd

Fix field names for etcd members

view details

Jim Werwath

commit sha 13cdaab6fc195966bf7ed3ba8d7fa96a554c4690

Make addons directory link absolute to avoid 404 Generated documentation at https://kops.sigs.k8s.io/operations/addons/#addon-management currently gives 404 on "addons directory" link to https://kops.sigs.k8s.io/addons

view details

Kubernetes Prow Robot

commit sha 8340b5ff43d323e45a0b40544ae09c8fcdef700d

Merge pull request #8986 from dj80hd/patch-1 Make addons directory link absolute to avoid 404

view details

Nathaniel Irons

commit sha d6b80fc3054e47e355c299e7f7c1260c885ae620

Add initial github actions workflow

view details

mosheshitrit

commit sha 9fffc5f8e0c071b6d3753e676fc8776687b77ad6

Make CPU Requests for Calico configurable instead of hard-coded Update bindata.go Apply suggestions from code review Applying suggested changes. Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com> Applying changes after running `make gofmt` Applying changes after running `make crds` Apply suggestions from code review Applying suggested changes. Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com> Applying changes after running `make gofmt` Fixing broken things Typo fixes Apply suggestions from code review Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com> Apply suggested changes and run necessary `make` steps

view details

Kubernetes Prow Robot

commit sha 5738ffab1387e49486f72494e2effc249b16a587

Merge pull request #8987 from MoShitrit/fix-issue-7930 Make CPU Requests for Calico configurable instead of hard-coded

view details

Nathaniel Irons

commit sha 699a9a93aa6b0f15b07efea779f811a84f709783

Drop go 1.14 on macOS

view details

push time in 3 months

push eventjoelsmith/kops

Joel Smith

commit sha 20644c17eb11740cb8ea99c0f9066aa872a9afbf

Add SECURITY.md

view details

push time in 3 months

Pull request review commentkubernetes/kops

Add repo SECURITY.md

+# Security Policy++## Security Announcements++Join the [kubernetes-security-announce] group for security and vulnerability announcements.++You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss].++## Reporting a Vulnerability++Instructions for reporting a vulnerability can be found on the+[Kubernetes Security and Disclosure Information] page.++## Supported Versions++Information about supported Kubernetes versions can be found on the+[Kubernetes version and version skew support policy] page on the Kubernetes website.

@johngmyers Sorry about that. I'm just pushing the same generic file to all our repos, but it makes sense for kops to reference its own policy as appropriate. How would you like to proceed? Do you think we should merge this and then kops maintainers can edit as you see fit in follow-on PRs? Or do you want to propose an alternate PR now and I'll close this? Or do you want to give me edits and I'll make them in this PR?

joelsmith

comment created time in 3 months

pull request commentkubernetes/kube-state-metrics

Add repo SECURITY.md

@tariq1890 we're phasing out SECURITY_CONTACTS and will be adding an optional section to the owners files instead. If security contacts aren't mentioned in the owners files, the PSC will default to approvers.

joelsmith

comment created time in 3 months

pull request commentkubernetes/kubernetes-template-project

Add SECURITY.md security policy

All PRs are now open and they all link back to the master issue: https://github.com/kubernetes/security/issues/105

Do we need to do the same thing for any other GitHub orgs, such as kubernetes-sigs?

tallclair

comment created time in 3 months

create barnchjoelsmith/website

branch : security_md

created branch time in 3 months

PR opened kubernetes/website

Add repo SECURITY.md

See https://github.com/kubernetes/security/issues/105

+22 -0

0 comment

1 changed file

pr created time in 3 months

PR opened kubernetes/test-infra

Add repo SECURITY.md

See https://github.com/kubernetes/security/issues/105

+22 -0

0 comment

1 changed file

pr created time in 3 months

push eventjoelsmith/utils

Tim Hockin

commit sha 88c450d32ff6bb3c00dcacc25feb194cf84ae6db

Add a util/mount pkg

view details

Brendan Burns

commit sha dad0547f4d8782024eade684b76b5fe47e3f082f

Add a mounter that uses google's safe_format_and_mount.

view details

Brendan Burns

commit sha 828dfc62c34b858d2a953fbf01e29e4adce13ae5

fix build on non-linux hosts.

view details

Paul Morie

commit sha 7f3a33d6f9a447e22878c39ba382aa7566e1bf94

Factor mount utility code out gce_pd volume plugin

view details

Paul Morie

commit sha 992983645cc49886f2538c15da0b7df396e343a2

Fix mount refactor nits

view details

Tim Hockin

commit sha a0618978ce0d856a8f20dc0d5379b6995435799a

Add an action log to FakeMounter. # *** ERROR: *** docs are out of sync between cli and markdown # run hack/run-gendocs.sh > docs/kubectl.md to regenerate # # Your commit will be aborted unless you regenerate docs. COMMIT_BLOCKED_ON_GENDOCS

view details

Deyuan Deng

commit sha 7aa2bc114a78abf819208424a8f5b840d2249ff7

Abstract ismountpoint and use platform mounter for NFS volume

view details

Huamin Chen

commit sha 94734c552feabf162f8d29ce1442e63313887da2

add iscsi volume plugin Signed-off-by: Huamin Chen <hchen@redhat.com>

view details

Deyuan Deng

commit sha 31a6ef5ddd7ed4aee8fe7e2d7e768f16b5e241d3

Change mount.Interface.Mount to exec('mount'), instead of syscall

view details

Eric Paris

commit sha 813edbed33cac4a00a3770fb25bdb14e16c2bd41

Make copyright ownership statement generic Instead of saying "Google Inc." (which is not always correct) say "The Kubernetes Authors", which is generic.

view details

Paul Morie

commit sha 360a1f0d1b80cc0cfb277b281a8d89d57afd1370

Add NsenterMounter mount implementation

view details

Paul Morie

commit sha 1936b11019b19c2032e95ce6c0d6029724551a79

Add containerized option to kubelet binary

view details

Paul Morie

commit sha 0fb1e4934c68b7f80c0c4eb365c0bcff2c642fe4

Fix typo in nsenter_mount.go

view details

Paul Morie

commit sha 8c546acaa3837511129798ee830fc2fbe4d57048

Add tests for secret volume plugin reboot/idempotency

view details

Justin Santa Barbara

commit sha 0dcb55f7935d731b64478dbdc861f234d9f7fe51

Add logging to volume tear-down to help understand mount behaviour

view details

Justin Santa Barbara

commit sha e8d30fd9488f0682dd2aaedaf2a37e66f78a1b53

Mount logic breaks if /var/lib/kubelet is a symlink Pass the correct kubelet root-dir on AWS

view details

markturansky

commit sha 76fd765e2ee5e8d3de8e89d68732702ecc73b82d

Fixed formatting of error message

view details

Clayton Coleman

commit sha fc71a158e9d990ef2a3ed43de23034f9483e64e3

Use nsenter on PATH in container, and separate args nsenter needs '--' to separate calls

view details

Clayton Coleman

commit sha 3095944a54aaf476dda91d27c2122ffe3cfcce10

Search the parent FS for the proper binaries

view details

Mike Danese

commit sha 60dd1b50b8561c065bcdbbe51738f2fafd9de71b

rewrite go imports

view details

push time in 3 months

more