github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,151 Commits 1 Branch 31 Tags 1,019 MiB
main
Commit Graph

925 Commits

Author SHA1 Message Date
Paco Xu
b83600de01 fix nil pointer dereference panic for deprecated metrics 2023-03-24 18:50:43 +08:00
Kubernetes Prow Robot
15894cfc85
Merge pull request #116550 from alculquicondor/fix-bind-uid 
Preserve UID and ResourceVersion in BindingREST
 2023-03-20 08:49:20 -07:00
Aldo Culquicondor
62889f416c
Preserve UID/ResourceVersion in the BindingREST endpoint 
Change-Id: If4023da10c455963a320fdb9fc2a73c099bea3db
 2023-03-20 10:29:25 -04:00
Kubernetes Prow Robot
fe91bc257b
Merge pull request #116554 from atiratree/eviction-resource-version-fix 
API-initiated eviction: handle deleteOptions correctly
 2023-03-17 16:59:15 -07:00
Filip Křepinský
51c0e2374f API-initiated eviction: handle deleteOptions correctly 
when adding a DisruptionTarget condition into a pod that will be deleted

- handle ResourceVersion and Preconditions correctly
- handle DryRun option correctly

Co-authored-by: Jordan Liggitt jordan@liggitt.net
 2023-03-17 22:18:07 +01:00
Antonio Ojea
756f1bfe99 add repair loop 
Change-Id: I63464bdd5db706ddf7dc5d828b8d03ad532d7981
 2023-03-14 22:58:11 +00:00
Antonio Ojea
b2c8190ee7 allow to set the service reference on the allocator 2023-03-14 22:58:11 +00:00
Antonio Ojea
e6f197a991 plumb new ipallocators in the apiserver 
plumb the new allocators from the control-plane instance to the
registry_core

Change-Id: I240cc91942260f725492597f1b599f7480560b1e
 2023-03-14 22:58:11 +00:00
Antonio Ojea
b022475448 clusterip allocator based on IPAddress API 
add a new ClusterIP allocator that uses the new IPAddress API resource
and an informer as the backend, instead a bitmap snapshotted on etcd.

Change-Id: Ia891a2900acd2682d4d169abab65cdd9270a8445
 2023-03-14 22:58:11 +00:00
Kubernetes Prow Robot
94e30facdb
Merge pull request #114497 from dgrisonnet/pod-logs-metrics 
Remove redundant subsystem in kube-apiserver pod logs metrics name
 2023-03-10 12:40:41 -08:00
Damien Grisonnet
1efa1a65ee pkg/registry: rename pod logs metrics 
The pod_logs subsystem was inadvertently made redundant in the following
kube-apiserver metrics:
- kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total
- kube_apiserver_pod_logs_pods_logs_insecure_backend_total

To safely rename them, it is required to deprecate them in 1.27 whilst
introducing the new metrics replacing them.

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
 2023-03-10 17:43:09 +01:00
Antoine Pelisse
4f3859ce91 managedfields: Move most of fieldmanager package to managefields 2023-03-08 13:44:00 -08:00
Kubernetes Prow Robot
f2fdda8667
Merge pull request #115918 from yt2985/genericWatch 
Partition watchers by namespace/name scope
 2023-02-28 01:47:17 -08:00
Jordan Liggitt
1c2fa0c7f7 Partition watchers by namespace/name scope 2023-02-27 20:38:11 +00:00
Vinay Kulkarni
76962b0fa7 In-place Pod Vertical Scaling - API changes 
1. Define ContainerResizePolicy and add it to Container struct.
 2. Add ResourcesAllocated and Resources fields to ContainerStatus struct.
 3. Define ResourcesResizeStatus and add it to PodStatus struct.
 4. Add InPlacePodVerticalScaling feature gate and drop disabled fields.
 5. ResizePolicy validation & defaulting and Resources mutability for CPU/Memory.
 6. Various fixes from code review feedback (originally committed on Apr 12, 2022)
KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources
 2023-02-24 17:18:04 +00:00
SataQiu
ba6fcf4169 add field-level warning for deprecated spec.externalID of node 2023-02-23 09:35:56 +08:00
Wei Huang
feed8c683d
Enforce nodeName cannot be set along with non empty schedulingGates 2023-02-07 13:53:28 -08:00
Kubernetes Prow Robot
7f0d1722f5
Merge pull request #115378 from aojea/aojea_allocator 
add aojea as approver for networking APIs: services/allocators, netwo…
 2023-01-29 16:14:49 -08:00
Kubernetes Prow Robot
5bb7326c36
Merge pull request #114418 from xuzhenglun/master 
Reserve Nodeport Ranges For Dynamic And Static Port Allocation
 2023-01-29 14:02:35 -08:00
Antonio Ojea
0461c48078 add aojea as approver for networking APIs: services/allocators, networking group, ... 
Change-Id: Ia6542b21339f4a92a9c13c2b628038abe737d0f9
 2023-01-29 00:10:06 +00:00
Kubernetes Prow Robot
12240c2a5c
Merge pull request #115247 from Volatus/refactor-node-storage-tests 
Refactor: cleanup node/storage tests
 2023-01-26 17:42:32 -08:00
Ismayil Mirzali
6d484dc037
Refactor: cleanup node/storage tests 
Removes some repetitive patterns and simplifies the existing test code.
 2023-01-26 23:03:02 +02:00
xuzhenglun
d48dd100bf
add kube_apiserver_nodeport_allocator_* to improve observability of ServiceNodePortStaticSubrange 2023-01-26 14:44:16 +08:00
xuzhenglun
c18c6e1b87
allocate nodeport with offset 2023-01-26 14:44:04 +08:00
Antonio Ojea
ea99593fa1 Fix panic on ClusterIP allocation for /28 subnets 
The ClusterIP allocator tries to reserve on part of the ServiceCIDR
to allocate static IPs to the Services.

The heuristic of the allocator to obtain the offset was taking into
account the whole range size, not the IPs available in the range, the
subnet address and the broadcast address for IPv4 are not available.

This caused that for CIDRs with 16 hosts, /28 for IPv4 and /124 for
IPv6, the offset calculated was higher than the max number of available
addresses on the allocator, causing this to panic.

Change-Id: I6c6f527b0a600b3612be37769e405b8fb3dd33a8
 2023-01-25 20:32:40 +00:00
Kubernetes Prow Robot
696701b9fd
Merge pull request #114086 from xmcqueen/113935 
block ephemeral container addition to static pods
 2023-01-13 07:36:28 -08:00
Kubernetes Prow Robot
6ce055d62d
Merge pull request #114947 from saschagrunert/seccomp-ga-cleanup 
Make seccomp annotations non-functional
 2023-01-12 13:48:54 -08:00
Sascha Grunert
af1f6a230b
Make seccomp annotations non-functional 
This cleanup has been planned to finish the corresponding KEP:
https://github.com/kubernetes/kubernetes/issues/91286

As follow-up on the partly removal of the seccomp annotations in
https://github.com/kubernetes/kubernetes/pull/109819, we now drop
the version skew handling completely, but still warn as well as keep
the validation in place if both (annotation and field) are set.

The Pod Security Admission code has been already changed in
https://github.com/kubernetes/kubernetes/pull/114846.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2023-01-12 17:11:52 +01:00
Kubernetes Prow Robot
564f438892
Merge pull request #114691 from thockin/fix-pod-warning-string 
Make the warning about pod name clearer
 2023-01-10 13:47:38 -08:00
Kubernetes Prow Robot
ac889a0251
Merge pull request #113581 from aimuz/verify-tls-secret 
Verify that the key matches the cert
 2023-01-04 14:29:58 -08:00
TommyStarK
e2d8fc3f62 pkg/registry: Replace deprecated pointer function 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-01-04 10:38:09 +01:00
Kubernetes Prow Robot
12c71fdf1c
Merge pull request #113542 from ardaguclu/fix-shortname-disperancy 
Set singular names for core types to pass to discovery
 2023-01-03 09:29:43 -08:00
Antonio Ojea
29ea5076ea refactor current ipallocator 
- rename files to match the allocator backend
- use t.Run for tests and cover large ranges
- add benchmarks
- check that thebitmap ip allocator satisfies the interface

goos: linux
goarch: amd64

pkg: k8s.io/kubernetes/pkg/registry/core/service/ipallocator
cpu: Intel(R) Xeon(R) CPU E5-2678 v3 @ 2.50GHz
BenchmarkAllocateNextIPv4Size1048574
BenchmarkAllocateNextIPv4Size1048574-24    	 1517683
7373 ns/op	     135 B/op	       8 allocs/op
BenchmarkAllocateNextIPv6Size65535
BenchmarkAllocateNextIPv6Size65535-24      	 5607438
193.9 ns/op	      18 B/op	       2 allocs/op
PASS
 2022-12-31 12:48:50 +00:00
Tim Hockin
7c7d79b058
Make the warning about pod name clearer 
Previously this was cut-paste from deployment.  It didn't make much
sense for pod.
 2022-12-25 14:20:55 -08:00
Tim Hockin
ed3ebbaaa7
Remove TODO about API proxy checking for svc 2022-12-23 12:32:17 -08:00
Kubernetes Prow Robot
038d983769
Merge pull request #114505 from aojea/service_warnings 
Services API: warnings on IP addresses
 2022-12-16 18:07:52 -08:00
Tim Hockin
e27cf75094
rc: API warn when name is not DNS label 2022-12-16 13:06:10 -08:00
Tim Hockin
c555d290c1
pod: API warn when name is not DNS label 2022-12-16 13:05:17 -08:00
Antonio Ojea
1b804fc87c Services API: warnings 
The Services API should warn users about some IP addresses
representations, mainly because some of them are not allowed
by the golang std parsers since go 1.17

Specifically:

- IPv4 addresses with leading zeros, that may cause security risks
- IPv6 addresses in non canonical format, that may cause problems
with controllers hotlooping or cause security issues

Change-Id: Ife50a651d1b22dc4c318e42bd3e5f2e5f88ecbcd
 2022-12-16 11:54:05 +00:00
aimuz
4a7ab7fd75
Verify that the key matches the cert 
Signed-off-by: aimuz <mr.imuz@gmail.com>
 2022-12-13 10:43:58 +08:00
Tim Hockin
dd0a50336e
ServiceInternalTrafficPolicyType: s/Type// 
Rename ServiceInternalTrafficPolicyType => ServiceInternalTrafficPolicy
 2022-12-11 13:48:31 -08:00
Tim Hockin
d0e2b06850
ServiceExternalTrafficPolicyType: s/Type// 
Rename ServiceExternalTrafficPolicyType => ServiceExternalTrafficPolicy
 2022-12-11 13:48:27 -08:00
Kubernetes Prow Robot
4106b10d9c
Merge pull request #112799 from kerthcet/cleanup/strategy-test 
optimize testcases arrangement
 2022-12-09 15:43:29 -08:00
Kubernetes Prow Robot
6f6bf42ee5
Merge pull request #113768 from lojies/codecleanupforkubeleteviction 
cleanup:Omit comparison with boolean constant
 2022-12-09 14:34:26 -08:00
Brian McQueen
25e990f738 added validation check to block adding an ephemeral container to a static pod and test cases 2022-12-02 15:39:11 -08:00
Arda Güçlü
43a889fc65 Add integration test to test singularnames for all resources 2022-11-21 09:59:37 +03:00
Arda Güçlü
23e2899556 Implement GetSingularName for LegacyBindingREST 
LegacyBindingREST is only used for `bindings` resource. It is not
a subresource and that's why it is required to implement
`GetSingularName` function. However, there is no need to implement
this function for BindingREST because it is only used for binding
subresource.

That's why, this function statically adds GetSingularName for
LegacyBindingREST.
 2022-11-18 12:21:19 +03:00
Arda Güçlü
d14b7781e2 Use casted SingularName for rbac types 2022-11-18 12:21:19 +03:00
Arda Güçlü
1abf94bec3 Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
Arda Güçlü
672e0b1e01 Use correct singular name format for subresources 2022-11-18 12:21:19 +03:00