This change is to promote local storage capacity isolation feature to GA
At the same time, to allow rootless system disable this feature due to
unable to get root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.
Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
Terminal pods may continue to report a ready condition of true because
there is a delay in reconciling the ready condition of the containers
from the runtime with the pod status. It should be invalid for kubelet
to report a terminal phase with a true ready condition. To fix the
issue, explicitly override the ready condition to false for terminal
pods during status updates.
Signed-off-by: David Porter <david@porter.me>
CSI spec 1.5 enhanced the spec to add optional secrets field to
NodeExpandVolumeRequest. This commit adds NodeExpandSecret to the
CSI PV source and also derive the expansion secret in csiclient to
send it out as part of the nodeexpand request.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Signed-off-by: zhucan <zhucan.k8s@gmail.com>
Currently we only care about the sum of sandbox resources, which
includes a pod overhead if defined. We have a need for also calculating
*just* the sum of container requests/limits for CPU / Memory, so let's
do a refactor and expose this new helper function.
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
This fixes a bug where the test was dependent on the current set of
feature gates. Since AllFeatureEnabledContainers() depends on the
feature gates it must be evaluated after the test case is initialized.
1. Add API definitions;
2. Add feature gate and drops the field when feature gate is not on;
3. Set default values for the field;
4. Add API Validation
5. add kube-proxy iptables and ipvs implementations
6. add tests
Implement pod resource metrics as described in KEP 1916. The new
`/metrics/resources` endpoint is exposed on the active scheduler
and reports kube_pod_resources* metrics that present the effective
requests and limits for all resources on the pods as calculated by
the scheduler and kubelet. This allows administrators using the
system to quickly perform resource consumption, reservation, and
pending utilization calculations when those metrics are read.
Because metrics calculation is on-demand, there is no additional
resource consumption incurred by the scheduler unless the endpoint
is scraped.
PodOverhead is now a beta feature and set to true by default. No need to
override to true during testing.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Pod and burstable QoS cgroups should take overhead of running a sandbox
into account if the PodOverhead feature is enabled. These helper
functions are utilized by Kubelet for sizing the pod and burstable QoS
cgroups.
Pod overhead is added to resource requests, regardless of the initial
request values. A particular resource pod overhead is only added to a
resource limit if a non-zero limit already existed.
This commit updates eviction handling to also take Pod Overhead into
account (if the feature is enabled).
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Update GetResoureqRequest function to utilize a new helper,
GetResourceRequestQuantity. This logic was duplicated in a couple of
areas in the K/K codebase, so consolidating for better test coverage.
Signed-off-by: Eric Ernst <eric.ernst@intel.com>