github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,151 Commits 1 Branch 31 Tags 1,019 MiB
main
Commit Graph

737 Commits

Author SHA1 Message Date
yxxhero
2f448a0789 fix oomkilled description 
Signed-off-by: yxxhero <aiopsclub@163.com>
 2021-09-03 22:07:46 +08:00
yxxhero
71a91d55cb update func description 2021-09-03 07:20:28 +08:00
yxxhero
afde4c8bc4 fix init container oomkilled as a failure 
Signed-off-by: yxxhero <aiopsclub@163.com>
 2021-09-03 07:04:57 +08:00
Sascha Grunert
46077e6be7
Remove deprecated --seccomp-profile-root/seccompProfileRoot configuration 
The configuration is deprecated and targets removal for v1.23. Tests
cases have been changed as well.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-08-31 09:55:28 +02:00
Stephen Augustus
481cf6fbe7
generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2021-08-24 15:47:49 -04:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Ryan Phillips
30e9a420c4 kubelet: fix sandbox creation error suppression when pods are quickly deleted 2021-08-10 08:55:25 -05:00
Kubernetes Prow Robot
4b2f2a0cd8
Merge pull request #102789 from haircommander/add-summary-stats-to-cri 
CRI: add fields for pod level stats to satisfy the /stats/summary API
 2021-08-04 18:59:43 -07:00
rarashid
bf2ae14501 Move feature flag to beta (but leave as false) and remove the feature flag from Kubelet 2021-07-13 14:25:44 -05:00
Elana Hashman
642eff0c69
Rename NodeSwapEnabled flag to NodeSwap 2021-07-09 11:39:52 -07:00
Kubernetes Prow Robot
dab6f6a43d
Merge pull request #102344 from smarterclayton/keep_pod_worker 
Prevent Kubelet from incorrectly interpreting "not yet started" pods as "ready to terminate pods" by unifying responsibility for pod lifecycle into pod worker
 2021-07-08 16:48:53 -07:00
Kubernetes Prow Robot
a9d7526864
Merge pull request #102970 from tkestack/feature-memory-qos 
Feature: Support memory qos with cgroups v2
 2021-07-08 14:01:36 -07:00
Kubernetes Prow Robot
7c84064a4f
Merge pull request #99000 from verb/1.21-kubelet-metrics 
Add kubelet metrics for ephemeral containers
 2021-07-08 14:00:55 -07:00
Peter Hunt
a9b7dcc8c2 kubelet: update remote runtimes for cri stat changes 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2021-07-08 13:17:04 -04:00
Li Bo
c3d9b10ca8 feature: support Memory QoS for cgroups v2 2021-07-08 09:26:46 +08:00
Elana Hashman
5584725605
Explicitly set LimitedSwap case with fallthrough 2021-07-06 13:50:09 -07:00
Clayton Coleman
3eadd1a9ea
Keep pod worker running until pod is truly complete 
A number of race conditions exist when pods are terminated early in
their lifecycle because components in the kubelet need to know "no
running containers" or "containers can't be started from now on" but
were relying on outdated state.

Only the pod worker knows whether containers are being started for
a given pod, which is required to know when a pod is "terminated"
(no running containers, none coming). Move that responsibility and
podKiller function into the pod workers, and have everything that
was killing the pod go into the UpdatePod loop. Split syncPod into
three phases - setup, terminate containers, and cleanup pod - and
have transitions between those methods be visible to other
components. After this change, to kill a pod you tell the pod worker
to UpdatePod({UpdateType: SyncPodKill, Pod: pod}).

Several places in the kubelet were incorrect about whether they
were handling terminating (should stop running, might have
containers) or terminated (no running containers) pods. The pod worker
exposes methods that allow other loops to know when to set up or tear
down resources based on the state of the pod - these methods remove
the possibility of race conditions by ensuring a single component is
responsible for knowing each pod's allowed state and other components
simply delegate to checking whether they are in the window by UID.

Removing containers now no longer blocks final pod deletion in the
API server and are handled as background cleanup. Node shutdown
no longer marks pods as failed as they can be restarted in the
next step.

See https://docs.google.com/document/d/1Pic5TPntdJnYfIpBeZndDelM-AbS4FN9H2GTLFhoJ04/edit# for details
 2021-07-06 15:55:22 -04:00
Elana Hashman
d3fd1362ca
Rename NoSwap to LimitedSwap as workloads may still swap 
Also made the options a kubelet type, address API review feedback
 2021-06-29 12:08:21 -07:00
Elana Hashman
0deef4610e
Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled 2021-06-29 11:59:02 -07:00
Sascha Grunert
8b7003aff4
Add SeccompDefault feature 
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.

Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Apply suggestions from code review

Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-06-23 10:22:57 +02:00
Kubernetes Prow Robot
13cafd5cb0
Merge pull request #101480 from yuzhiquan/little-nit-for-kubelet 
Fix some nit for kubelet
 2021-05-24 21:49:05 -07:00
Kubernetes Prow Robot
a49b4a1018
Merge pull request #100608 from pacoxu/fix/poststart-hook 
correct messages in post start hook error handling
 2021-05-24 21:48:32 -07:00
pacoxu
75c19da843 correct messages in post start hook error handling 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-05-20 15:14:47 +08:00
marosset
fd94032b21 Kubelet updates for Windows HostProcess Containers 2021-05-19 16:24:14 -07:00
Kubernetes Prow Robot
a238eb2fe8
Merge pull request #99748 from rphillips/fixes/check_log_path_for_restart_count 
kubelet: fix log files being overwritten on container state loss
 2021-05-03 16:14:19 -07:00
yuzhiquan
bebca30309 comment should have function name as prefix 2021-04-28 15:26:46 +08:00
Lee Verberne
29178fff1c Add kubelet managed pod metrics 2021-04-13 14:13:30 +02:00
Quan Tian
a90df057ac Fix panic when killing container fails 
Use runningPod for logging as the pod passed in could be nil.
 2021-04-12 14:02:53 +08:00
Kubernetes Prow Robot
862aa6d3a0
Merge pull request #99970 from krzysiekg/structured_logging_pkg_kubelet_kuberuntime 
Migrate pkg/kubelet/kuberuntime to structured logging
 2021-03-17 11:45:31 -07:00
Krzysztof Gibuła
629d5ab213 Migrate pkg/kubelet/kuberuntime to structured logging 2021-03-17 01:53:44 +01:00
Kubernetes Prow Robot
e082d84575
Merge pull request #100196 from ehashman/remains-of-logs 
Migrate remaining logs to structured logging
 2021-03-16 13:12:55 -07:00
Ryan Phillips
d169c81496 check log directory for restartCount 2021-03-15 15:33:29 -05:00
Elana Hashman
1c95d63df0
Migrate kuberuntime_gc.go to structured logs 2021-03-15 12:39:35 -07:00
Aditi Sharma
461c0c1656 Fix structured logging for kuberuntime_manger.go 2021-03-15 10:13:18 +05:30
Elana Hashman
9fb6e712ff
Override terminationLivenessGracePeriod for probes 2021-03-11 14:38:03 -08:00
Kubernetes Prow Robot
c22f099395
Merge pull request #99841 from adisky/kuberuntime_manager 
Migrate pkg/kubelet/kuberuntime/kuberuntime_manager.go to structured logging
 2021-03-08 16:27:44 -08:00
Aditi Sharma
45c7608379 Migrate to structured logging 
pkg/kubelet/kuberuntime/kuberuntime_manager.go

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-03-08 11:27:44 +05:30
Kubernetes Prow Robot
c193c1b234
Merge pull request #98376 from matthyx/mega 
Make all health checks probing consistent
 2021-03-06 11:45:41 -08:00
Matthias Bertschy
431e6a7044 Move readinessManager updates handling to kubelet 2021-03-05 07:02:25 +01:00
chenyw1990
68457812f3 Use structured logging to refactor log printing code, and add containerName to log output information 2021-03-05 09:10:05 +08:00
Kubernetes Prow Robot
d85aed6e5b
Merge pull request #99491 from uzuku/2021-feb-fix-typo 
Fix typo in comment for purgeInitContainers.
 2021-03-01 17:13:21 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
uzuku
8c53bfe1ea Fix typo in comment for purgeInitContainers. 2021-02-26 21:33:31 +08:00
pacoxu
3de4dd841f
remove featuregate for sysctl 
Co-authored-by: Skyler Clark <wgahnagl@protonmail.com>
 2021-02-22 16:51:43 -05:00
Ryan Phillips
f989adaa18 kubelet: fix create create sandbox delete pod race 2021-02-18 11:22:12 -06:00
Kubernetes Prow Robot
ee2b7a5049
Merge pull request #98049 from pacoxu/enhancements/redir-links 
fix all keps links 404 for kep folder migration
 2021-02-01 21:48:28 -08:00
pacoxu
a10bdfed09 fix all keps links 404 for kep folder migration 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-02-01 19:41:59 +08:00
ialidzhikov
21608e49a7 Remove WindowsGMSA and WindowsRunAsUserName feature gates 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2021-01-30 02:01:48 +02:00
Kubernetes Prow Robot
6fae18523d
Merge pull request #98019 from cynepco3hahue/specify_resource_during_container_creation_cpu_manager 
cpu manager: specify the container CPU set during the creation
 2021-01-25 14:15:12 -08:00
Kubernetes Prow Robot
cea1098997
Merge pull request #97715 from changshuchao/files_tmptag 
Made some optimizations, including modifying variable names, omitting…
 2021-01-21 22:55:26 -08:00
Artyom Lukianov
38dc7509f8 cpu manager: specify the container CPU set during the creation 
We can set the container cpuset.cpus diring the creation and it
will not need to call to update resources after the container creation.

Additional side effect of the change, that the runc process that responsible
to create the container will run with the same CPU affinity because the
runc runs on the cpuset provided in the config.json arg.

It will allow to prevent undesirable interupts on isolated CPUs.

Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
 2021-01-20 17:53:33 +02:00
changshuchao
42eb85e4fb Made some optimizations, including modifying variable names, omitting unnecessary parentheses, and conflicting variable names and package names. 
Signed-off-by: changshuchao <chang.shuchao1@zte.com.cn>
 2021-01-16 17:24:08 +08:00
wawa0210
ea9df6361b
remove windows container hyper-v support 2021-01-14 22:49:34 +08:00
Sergey Kanzhelev
4c9e96c238 Revert "Merge pull request #92817 from kmala/kubelet" 
This reverts commit 88512be213, reversing
changes made to c3b888f647.
 2021-01-12 22:27:22 +00:00
Kubernetes Prow Robot
125530629a
Merge pull request #96572 from sjenning/dont-rerun-init 
kubelet: do not rerun init containers if any main containers have status
 2020-12-08 17:29:18 -08:00
Kubernetes Prow Robot
1588d58151
Merge pull request #95099 from brianpursley/TestReadLogs 
Added unit tests for ReadLogs
 2020-12-08 16:29:02 -08:00
Kubernetes Prow Robot
b6e0aac05c
Merge pull request #93920 from zhouya0/log_with_limited_tail 
[Flaky Test] Add limited lines to log when having tail option
 2020-12-08 16:28:45 -08:00
Seth Jennings
c8d02f703b kubelet: do not rerun init containers if any main containers have status 2020-12-01 14:59:03 -06:00
Kubernetes Prow Robot
12d9183da0
Merge pull request #95718 from SergeyKanzhelev/runtimeClass2 
RuntimeClass GA
 2020-11-12 00:44:51 -08:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Andrew Sy Kim
51441fd052 kubelet: support alpha credential provider exec plugins 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-11-10 13:44:06 -05:00
Mrunal Patel
32b9ac7d0c kubelet: Use CRI SecurityProfile for Seccomp 
We set both the old and the new fields for now and will
remove the old field in the next release.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
 2020-11-05 15:43:29 -08:00
brianpursley
52cd3252d6 Add unit tests for ReadLogs 2020-09-28 08:20:05 -04:00
Kubernetes Prow Robot
e92f8c8457
Merge pull request #94911 from wawa0210/fix-94898 
Enhance log information of verifyRunAsNonRoot, add pod, container information
 2020-09-24 13:57:25 -07:00
Kubernetes Prow Robot
402b94f313
Merge pull request #91469 from kinvolk/rata/fix-kubelet-log-msg 
Fix kubelet log message when starting a container
 2020-09-21 22:28:46 -07:00
wawa0210
be1c85d915
Enhance the prompt information of verifyRunAsNonRoot, add pod, container information 2020-09-22 08:10:54 +08:00
Kubernetes Prow Robot
73dda0af5d
Merge pull request #92355 from wawa0210/fix-91482 
fix windows container root validate
 2020-09-14 10:42:59 -07:00
Kubernetes Prow Robot
f5a42d69c9
Merge pull request #93475 from ravisantoshgudimetla/fix-kubelet-scc 
Strip unnecessary security contexts on Windows
 2020-09-10 18:14:14 -07:00
Kubernetes Prow Robot
88512be213
Merge pull request #92817 from kmala/kubelet 
Check for sandboxes before deleting the pod from apiserver
 2020-09-10 07:27:45 -07:00
knight42
c6f9b402fb
test(kuberuntime): deflake TestRecordOperation 
Avoid using hard-coded port

Signed-off-by: knight42 <anonymousknight96@gmail.com>
 2020-09-05 13:36:26 +08:00
Kubernetes Prow Robot
1d1daaa044
Merge pull request #94084 from brianpursley/kubernetes-93925-logging 
Add logging when fail to kill container or pod
 2020-09-04 03:32:23 -07:00
Kubernetes Prow Robot
48d5d204c3
Merge pull request #92614 from tnqn/onfailure-recreate 
Don't create a new sandbox for pod with RestartPolicyOnFailure if all containers succeeded
 2020-09-03 14:57:40 -07:00
brianpursley
6d001ebb68 Add logging if container or pod fails to be killed 2020-08-25 20:37:49 -04:00
knight42
cfeddcf654
test(kuberuntime): deflake TestRemoveContainer 
Signed-off-by: knight42 <anonymousknight96@gmail.com>
 2020-08-24 11:14:02 +08:00
Kubernetes Prow Robot
6da73aa572
Merge pull request #93333 from loburm/fix-logrotate 
Fix an issue when rotated logs of dead containers are not removed.
 2020-08-20 03:27:23 -07:00
zhouya0
44c24758b0 [Flaky Test] Add limited lines to log when having tail option 2020-08-18 17:13:25 +08:00
Rodrigo Campos
e6c67c32e1 Fix kubelet log message when starting a container 
This code can be called not only when a container is dead and restarted,
but when is started for the first time too. For example, any pod with
initContainer and containers will exhibit this behaviour. The reason is
that in that case, the "if createPodSandbox" path will return the
initContainers only and on the next call to this function this code is
executed to start the containers for the fist time.

In that case, it is wrong to log that the container is dead and will be
restarted, as it was never started. In fact, the restart count will not
be increased.

This commit just changes this to say that the container is not in the
desired state and should be started. In the end, the kubelet is a state
machine and that is all we really care about.

No tests are added, as the behaviour was correct and tests don't check
logs messages.

Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
 2020-08-04 14:58:27 -03:00
ravisantoshgudimetla
cd8686bc57 Strip unnecessary security contexts on Windows 
As of now, the kubelet is passing the security context to container runtime even
if the security context has invalid options for a particular OS. As a result,
the pod fails to come up on the node. This error is particularly pronounced on
the Windows nodes where kubelet is allowing Linux specific options like SELinux,
RunAsUser etc where as in [documentation](https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#v1-container),
we clearly state they are not supported. This PR ensures that the kubelet strips
the security contexts of the pod, if they don't make sense on the Windows OS.
 2020-08-03 23:43:31 -04:00
Jordan Liggitt
7335770670 Make toKubeContainerImageSpec deterministic 2020-07-31 14:41:11 -04:00
wawa0210
ccde63b9c1
fix windows container root validate 2020-07-24 19:59:58 +08:00
Marian Lobur
5d1b3e26af Fix an issue when rotated logs of dead containers are not removed. 2020-07-24 10:06:24 +02:00
Keerthan Reddy,Mala
872859b422 correct the sandboxId attribute in unit tests 2020-07-22 11:54:58 -07:00
Keerthan Reddy,Mala
851d778531 address review comments 2020-07-22 11:54:58 -07:00
Keerthan Reddy,Mala
90cc954eed add sandbox deletor to delete sandboxes on pod delete event 2020-07-22 11:54:58 -07:00
Paulo Gomes
b451563560
Add seccomp least privilege for kuberuntime 2020-07-08 22:03:29 +01:00
Quan Tian
b2b082f54f Don't create a new sandbox for pod with RestartPolicyOnFailure if all containers succeeded 
The kubelet would attempt to create a new sandbox for a pod whose
RestartPolicy is OnFailure even after all container succeeded. It caused
unnecessary CRI and CNI calls, confusing logs and conflicts between the
routine that creates the new sandbox and the routine that kills the Pod.

This patch checks the containers to start and stops creating sandbox if
no container is supposed to start.
 2020-07-07 22:49:48 +08:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields 
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 09:13:25 +01:00
Kubernetes Prow Robot
9a3276548b
Merge pull request #91956 from kinvolk/rata/fix-kubelet-log-on-kill 
kubelet: Fix log typo when killing a container
 2020-06-24 13:30:38 -07:00
Kubernetes Prow Robot
14d9b5d758
Merge pull request #92325 from brianpursley/sync-pod-log 
Add pod and container name in log message when container fails to start
 2020-06-24 04:55:18 -07:00
Brian Pursley
2afc8e0eab Add pod and container name in log message when container fails to start 2020-06-23 12:59:53 -04:00
Rodrigo Campos
82856541fb kubelet: Fix log typo when killing a container 
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
 2020-06-20 20:15:27 -03:00
Kubernetes Prow Robot
3b466d1c48
Merge pull request #91971 from SergeyKanzhelev/renamesInContainer 
fix linter issues for pkg/kubelet/container
 2020-06-19 21:51:32 -07:00
Sergey Kanzhelev
ee53488f19 fix golint issues in pkg/kubelet/container 2020-06-19 15:48:08 +00:00
Javier Diaz-Montes
3538936587 Adding Bazel deps 2020-06-15 08:58:02 -04:00
Javier Diaz-Montes
9743cda4a7 Adding Kubelet changes to enable SetHostnameAsFQDN feature 
These changes allow to set FQDN as hostname of pods for pods
that set the new PodSpec field setHostnameAsFQDN to true. The PodSpec
new field was added in related PR.

This is PART2 (last) of the changes to enable KEP #1797 and addresses #91036
 2020-06-14 21:26:27 -04:00
Kubernetes Prow Robot
99c50dfd3c
Merge pull request #85225 from DataDog/eric.mountain/cleanup_refmanager_master 
Removes container RefManager
 2020-05-28 16:37:15 -07:00
Kubernetes Prow Robot
b98d9407cf
Merge pull request #91207 from iamchuckss/fixed-width-log-timestamps 
Fix log timestamps to maintain a fixed width
 2020-05-21 18:20:37 -07:00
Davanum Srinivas
0608e8be25
update bazel BUILD files 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:47 -04:00
Davanum Srinivas
5692926914
Move packages for slightly better UX for consumers 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:46 -04:00
iamchuckss
b5a02c4190 Fix log timestamps to be displayed in fixed width 2020-05-19 13:07:56 +08:00
Kubernetes Prow Robot
f4112710f5
Merge pull request #90061 from marosset/runtimehandler-image-spec-annotations 
Add annotations to CRI ImageSpec objects
 2020-05-18 16:29:36 -07:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Kubernetes Prow Robot
96e13de777
Merge pull request #88980 from tedyu/evict-delay-sorting 
Delay sorting of evictUnits slice in kuberuntime_gc
 2020-05-14 21:24:58 -07:00
Kubernetes Prow Robot
f7907083c2
Merge pull request #89160 from tedyu/symlink-first-seen 
Remove potentially unhealthy symlink only for dead containers
 2020-04-28 09:58:07 -07:00
Ted Yu
18e9f33fc6 Remove unhealthy symlink only for dead containers 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-04-21 12:30:51 -07:00
marosset
90367729a3 Adding/updating kubelet/kuberuntime tests 2020-04-20 22:25:05 +00:00
marosset
03479e4d12 kubelet - adding pod annotations to various image calls to get runtime-handler info to CRI 2020-04-17 23:57:09 +00:00
ZP-AlwaysWin
5796b7a32e Repair description 2020-04-17 09:36:38 +08:00
Kubernetes Prow Robot
7061dddf26
Merge pull request #88521 from mattjmcnaughton/mattjmcnaughton/add-error-testing-image-service 
Add error path testing to image handling by `kubeGenericRuntimeManager`
 2020-04-07 22:45:43 -07:00
Kubernetes Prow Robot
0d8b4b5df4
Merge pull request #85994 from coderanger/patch-1 
Tiny typo in a comment.
 2020-04-06 15:41:47 -07:00
Shihang Zhang
b56da85a77 sync api/v1/pod/util with api/pod/util and remove DefaultContainers 2020-03-24 16:42:32 -07:00
Kubernetes Prow Robot
e74ad38854
Merge pull request #89013 from dims/copy-jsonlog-from-docker/docker-locally 
Copy jsonlog from docker/docker locally
 2020-03-19 12:08:37 -07:00
Davanum Srinivas
825f99c396
run update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-03-17 21:26:07 -04:00
Davanum Srinivas
0c52ffe08f
make local copy of JSONLog 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-03-17 21:25:55 -04:00
Davanum Srinivas
25c3ddf22e
Just use runtime.NumCPU on windows 
docker folks added NumCPU implementation for windows that
supported hot-plugging of CPUs. The implementation used the
GetProcessAffinityMask to be able to check which CPUs are
active as well.
3707a76921

The golang "runtime" package has also bene using GetProcessAffinityMask
since 1.6 beta1:
6410e67a1e

So we don't seem to need the sysinfo.NumCPU from docker/docker.

(Note that this is PR is an effort to get away from dependencies from
docker/docker)

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-03-17 15:53:52 -04:00
Eric Mountain
22e0ee768b Removes container RefManager 2020-03-16 14:30:57 +01:00
zyu
78e2668539 Delay sorting of evictUnits slice in kuberuntime_gc 
Signed-off-by: zyu <yuzhihong@gmail.com>
 2020-03-09 12:24:42 -07:00
mattjmcnaughton
f215096715
Add error path testing to image handling by kubeGenericRuntimeManager 
In https://github.com/kubernetes/kubernetes/pull/88372, we added the
ability to inject errors to the `FakeImageService`. Use this ability to
test the error paths executed by the `kubeGenericRuntimeManager` when
underlying `ImageService` calls fail.

I don't foresee this change having a huge impact, but it should set a
good precedent for test coverage, and should the failure case behavior
become more "interesting" or risky in the future, we already will have
the scaffolding in place with which we can expand the tests.
 2020-02-25 08:27:30 -05:00
Patrick Lang
63ff616aa8 Adding Windows CPU limit tests 2020-02-24 19:46:39 +00:00
Patrick Lang
19acf7d051 Fix cpu resource limit on Windows 2020-02-24 19:46:39 +00:00
Kubernetes Prow Robot
d0983b562d
Merge pull request #84731 from verb/ec-pid 
Add namespace targeting mode to CRI and kubelet
 2020-02-20 04:29:17 -08:00
Kubernetes Prow Robot
d8b325b534
Merge pull request #85856 from adelina-t/cpu_requests_fix_ctrd 
Fix Cpu Requests priority Windows.
 2020-02-07 15:19:58 -08:00
Kubernetes Prow Robot
d90dd93855
Merge pull request #82111 from xieyanker/xieyanker-patch-2 
remove stateCheckPeriod
 2020-02-05 04:17:55 -08:00
Lee Verberne
4d4e111f01 Generated code for kubelet namespace targeting 2020-01-30 15:31:43 +01:00
Lee Verberne
9a6d50cb2a Add namespace targeting to the kubelet 2020-01-30 15:31:43 +01:00
sewon.oh
463442aa29
Update container hugepage limit when creating the container 
Unit test for updating container hugepage limit
Add warning message about ignoring case.
Update error handling about hugepage size requirements

Signed-off-by: sewon.oh <sewon.oh@samsung.com>
 2020-01-28 09:35:02 +09:00
danielqsj
1a9b121764 remove deprecated metrics of kubelet 2020-01-10 16:46:52 +08:00
Kubernetes Prow Robot
9ddbc90039
Merge pull request #84191 from langyenan/getTypedVersion 
invoke getTypedVersion() instead of direct runtime call
 2019-12-10 16:04:19 -08:00
ianlang
babdcd0d14 invoke getTypedVersion() instead of direct runtime call 2019-12-09 15:31:45 +08:00
Kubernetes Prow Robot
e624d1b7bf
Merge pull request #85001 from bmoix/fix-golint-kubelet-httpgetter 
kubelet: rename HTTPGetter interface
 2019-12-06 17:05:53 -08:00
Kubernetes Prow Robot
c9f690d418
Merge pull request #85170 from timyinshi/logSymlink 
modify dockerID to containerID
 2019-12-06 14:27:35 -08:00
Noah Kantrowitz
0ac25f51fc
Tiny typo in a comment. 2019-12-06 01:32:09 -08:00
Adelina Tuvenie
bc7d254317 Fix Cpu Requests priority Windows. 
For Windows, CPU Requests ( Shares, Count and Maximum ) are mutually exclusive, however
Kubernetes sends them all anyway in the pod spec.
When using dockershim this is not an issue, as Docker checks for this specific situation
here: 1bd184a4c2/daemon/daemon_windows.go (L87-L106)

However, when using CRI-Containerd this pods fail to spawn with an error from hcsshim.

This PR intends to filter these values before they are sent to the CRI and not rely on the
runtime for it.

Related to: https://github.com/kubernetes/kubernetes/issues/84804
 2019-12-04 19:32:26 +02:00
Kubernetes Prow Robot
4e45328e65
Merge pull request #83123 from aramase/dualstack-downward-api 
Dualstack downward api
 2019-11-14 22:13:42 -08:00
Kubernetes Prow Robot
d3593c07de
Merge pull request #83057 from bclau/windows/containerd 
Windows: Fixes termination-file mounting support for containerd
 2019-11-13 17:27:36 -08:00
Kubernetes Prow Robot
a08b09d52f
Merge pull request #84279 from matthyx/kuberuntime-startupprobe 
Add startupProbe result handling to kuberuntime
 2019-11-13 13:01:53 -08:00
Kubernetes Prow Robot
c10d29ba88
Merge pull request #84356 from verb/pid-ga 
Promote PodProcessNamespaceSharing feature to GA
 2019-11-13 09:25:42 -08:00
Claudiu Belu
d4d7f58362 Windows: Fixes termination-file mounting for containerd 
If Containerd is used on Windows, then we can also mount individual
files into containers (e.g.: termination-log files), which was not
possible with Docker.

Checks if the container runtime is containerd, and if it is, then also
mount the termination-log file.
 2019-11-12 23:33:55 -08:00
Matthias Bertschy
66595d54a0 Add startupProbe result handling to kuberuntime 2019-11-13 08:12:54 +01:00
root
e9edfbc539 modify dockerID to containerID 2019-11-13 10:43:55 +08:00
Bernat Moix
fc8ea98890 kubelet: rename HTTPGetter interface 2019-11-08 18:18:59 +01:00
Jordan Liggitt
297570e06a hack/update-vendor.sh 2019-11-06 17:42:34 -05:00
yuxiaobo
81e9f21f83 Correct spelling mistakes 
Signed-off-by: yuxiaobo <yuxiaobogo@163.com>
 2019-11-06 20:25:19 +08:00
Lee Verberne
cbbe7d1bb9 Remove checks for PodShareProcessNamespace feature gate 2019-10-31 17:15:23 +00:00
Anish Ramasekar
af4d18ccf9
add status.podIPs in downward api 
add host file write for podIPs

update tests

remove import alias

update type check

update type check

remove import alias

update open api spec

add tests

update test

add tests

address review comments

update imports

remove todo and import alias
 2019-10-25 09:18:49 -07:00
Kubernetes Prow Robot
4cff1c3ea1
Merge pull request #81280 from yqwang-ms/yqwang/exitmsglost 
Fix Container exit message lost due to FallbackToLogsOnError is not compatible with ContainerCannotRun
 2019-10-08 15:41:51 -07:00
Kubernetes Prow Robot
e972912fe4
Merge pull request #74881 from qingsenLi/k8s190304-fix-syntactic 
fix syntactic error in kuberuntime_manager.go
 2019-09-10 14:28:48 -07:00
Kubernetes Prow Robot
da986c56ab
Merge pull request #73944 from xiaoanyunfei/cleanup/rm_unuse_judge 
rm unnecessary judgement
 2019-08-29 13:30:57 -07:00
xieyanker
4b775046d4
remove stateCheckPeriod 
If exec logForceCheckPeriod, there is no need to exec stateCheckPeriod
 2019-08-29 11:06:45 +08:00
Han Kang
3a50917795 migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework 2019-08-28 11:16:38 -07:00
Kubernetes Prow Robot
0e1bad3764
Merge pull request #81747 from Random-Liu/fix-windows-log-follow 
Fix windows kubectl log -f.
 2019-08-23 06:53:24 -07:00
Lantao Liu
7767ff3bb2 Fix windows kubectl log -f. 2019-08-21 15:44:20 -07:00
Tim Allclair
8a495cb5e4 Clean up error messages (ST1005) 2019-08-21 10:40:21 -07:00
Tim Allclair
e06912ca3e Clean up deprecated references 2019-08-21 10:40:21 -07:00
Tim Allclair
6510d26b6a Fix misc static check issues 2019-08-21 10:40:21 -07:00
Tim Allclair
3f510c69f6 Remove dead code from pkg/kubelet/... 2019-08-21 10:40:21 -07:00
Yuqi Wang
f82be3d3d0 Fix Container exit message lost due to FallbackToLogsOnError is not compatible with ContainerCannotRun 2019-08-12 16:15:59 +08:00
Lee Verberne
906286c743 Change order kubelet starts containers 
This starts ephemeral containers prior to init containers so that
ephemeral containers will still be started when init containers fail to
start.

Also improves tests and comments with review suggestions.
 2019-08-02 19:56:38 +00:00
Lee Verberne
7bce18b0ce Generated code for Ephemeral Containers in kubelet 2019-07-24 16:25:52 +00:00
Lee Verberne
ea212d5d49 Add support for ephemeral containers to the kubelet 2019-07-24 16:24:26 +00:00
James Sturtevant
a8c78d1359 Windows: Sets the effective SecurityContext's RunAsUserName 
Co-Authored-By: Claudiu Belu <cbelu@cloudbasesolutions.com>
 2019-07-17 15:03:11 +00:00
Kubernetes Prow Robot
becf718143
Merge pull request #78368 from tedyu/evict-sandboxes 
Call getKubeletSandboxes first in containerGC#evictSandboxes
 2019-07-11 14:33:21 -07:00
tiffany jernigan
27a0d91f2d Remove lazy provide from credential provider and kubelet (#79674) 
* Remove LazyProvide from kubelet

* Remove LazyProvide from cloud providers

* Remove LazyProvide from credential provider keyring and provider
 2019-07-03 13:52:52 -07:00
Khaled Henidak(Kal)
dba434c4ba kubenet for ipv6 dualstack 2019-07-02 22:26:25 +00:00
Yu-Ju Hong
3fac48f86a kubelet: retry pod sandbox creation when containers were never created 
If kubelet never gets past sandbox creation (i.e., never attempted to
create containers for a pod), it should retry the sandbox creation on
failure, regardless of the restart policy of the pod.
 2019-06-26 18:19:27 -07:00
Ted Yu
58dfe186d8 Call getKubeletSandboxes first in containerGC#evictSandboxes 2019-05-26 14:40:11 -07:00
Tim Allclair
91e593546c Revert "Use consistent imageRef during container startup" 
This reverts commit 26e3c8674e.
 2019-05-23 11:36:32 -07:00
Jean Rouge
b39d8f4777 Kubelet & implementation changes for Windows GMSA support 
This patch comprises the kubelet changes outlined in the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

Updated tests.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-05-16 22:07:03 -04:00
Jean Rouge
181706b0f0 Auto-generated changes for Windows GMSA support 
This patch comprises the auto-generated changes for the API changes outlined in
the Windows GMSA KEP
(https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md)
to add GMSA support to Windows workloads.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-05-16 15:34:22 -07:00
yameiwang
503ac59abe fix typo in kuberuntime_manager.go 2019-05-13 08:35:01 +08:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Kubernetes Prow Robot
aff3f0c61c
Merge pull request #76665 from tallclair/imageref 
Use consistent imageRef during container startup
 2019-04-16 19:14:34 -07:00
Kubernetes Prow Robot
097d58523a
Merge pull request #75278 from Nessex/updatecontainerresources-label-fix 
Fix label on UpdateContainerResources operation
 2019-04-12 08:44:48 -07:00
Tim Allclair
26e3c8674e Use consistent imageRef during container startup 2019-04-10 12:06:42 -07:00
Robert Krawitz
022f7c2cd7 Clean up PR #71617 2019-04-08 10:34:40 -04:00
Kubernetes Prow Robot
dc1ff116dc
Merge pull request #74220 from tedyu/master 
Aggregate errors for kube runtime GC
 2019-04-04 17:47:19 -07:00
Giuseppe Scrivano
a561196bfe
logs: consume all file until EOF on exited container 
If the container is not found, do not stop reading the log file
immediately but wait until we reach again EOF.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-03-30 17:42:21 +01:00
Giuseppe Scrivano
8f68b281e4
kubelet: force checking the log file every second 
it seems fsnotify can miss some read events, blocking the kubelet to
receive more data from the log file.

If we end up waiting for events with fsnotify, force a read from the
log file every second so that are sure to not miss new data for longer
than that.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-03-30 17:42:20 +01:00
Giuseppe Scrivano
341c2c0d1f
kubelet: handle recreated log files 
if the runtime is configured to rotate the log file, we might end up
watching the old fd where there are no more writes.

When a fsnotify event other than Write is received, reopen the log
file and recreate the watcher.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-03-30 17:42:20 +01:00
Giuseppe Scrivano
2c30eee92f
kubelet: read immediately after creating the watcher 
if some events happen between the Read and while we set the watcher,
we might miss them.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2019-03-30 17:42:11 +01:00
Kubernetes Prow Robot
dabeb20a1a
Merge pull request #75587 from tiffanyfay/cred-provider 
Refactor AWS credential provider
 2019-03-29 14:48:47 -07:00
Kubernetes Prow Robot
4b3eb60081
Merge pull request #75531 from dims/add-new-staging-repository-for-cri-api 
New staging repository for cri-api
 2019-03-26 18:10:49 -07:00
tiffany jernigan
847cb24aa1 Credential provider Provide takes image (general) 2019-03-27 01:00:26 +00:00
Davanum Srinivas
33081c1f07
New staging repository for cri-api 
Change-Id: I2160b0b0ec4b9870a2d4452b428e395bbe12afbb
 2019-03-26 18:21:04 -04:00
shinytang6
5c9f4d9dc6 replace time.Now().Sub with time.Since 2019-03-21 18:02:55 +08:00
Nathan Essex
394c581a56 Fix label on UpdateContainerResources operation 2019-03-12 14:18:53 +09:00
Lantao Liu
0ac651bfc3 Include pod logs in the pod ephemeral storage. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-08 16:42:14 -08:00
Lantao Liu
f14c6c95d6 New pod log directory /var/log/pods/NAMESPACE_NAME_UID. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-08 16:42:14 -08:00
Lubomir I. Ivanov
e29c6e1b38 go-1.12: fix 'go vet' failures 2019-03-01 18:48:17 +02:00
Kubernetes Prow Robot
44d13d3b77
Merge pull request #73726 from wk8/wk8/gmsa_alpha 
Kubelet changes for Windows GMSA support
 2019-02-25 21:48:21 -08:00
qingsenLi
8086b8f71d fix syntactic error in kuberuntime_manager.go-2 2019-02-23 10:51:17 +08:00
haiyanmeng
ec18200f8b Fit RuntimeClass metrics to prometheus conventions 
1) Add suffix (`seconds` or `total`) to metric name
2) Switch Summary metric to Histogram metric (Summary metrics are not
supported completely by prometheus-to-sd and can't be aggregated.)
 2019-02-19 12:46:37 -08:00
Ted Yu
dae6950f04 Aggregate errors for kube runtime GC 
Signed-off-by: Ted Yu <yute@vmware.com>
 2019-02-18 13:29:22 -08:00
danielqsj
79a3eb816c rename latency to duration in metrics 2019-02-18 17:40:04 +08:00
danielqsj
9fd99a48f5 Change kubelet metrics to conform guideline 2019-02-18 14:01:58 +08:00
sunxiaofei03
91e6dab9f8 rm unused judgement 2019-02-15 10:57:42 +08:00
Kubernetes Prow Robot
6a9902deee
Merge pull request #73802 from Random-Liu/handle-unknown-state 
Stop container in unknown state before recreate or remove.
 2019-02-14 15:50:12 -08:00
Jean Rouge
b435dbf718 Merge branch 'master' into wk8/gmsa_alpha 
Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-02-14 15:38:25 -08:00
Lantao Liu
de8ee94d14 Stop container in unknown state before recreate or remove. 2019-02-14 02:31:17 -08:00