github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,912 Commits 1 Branch 31 Tags 1,019 MiB
0cfe4438e9
Commit Graph

24947 Commits

Author SHA1 Message Date
Patrick Ohly
234dc1f63d dra e2e: run more test scenarios with structured parameters 2024-03-07 22:22:13 +01:00
Patrick Ohly
d59676a545 dra kubelet: publish NodeResourceSlices 
The information is received from the DRA driver plugin through a new gRPC
streaming interface. This is backwards compatible with old DRA driver kubelet
plugins, their gRPC server will return "not implemented" and that can be
handled by kubelet. Therefore no API break is needed.

However, DRA drivers need to be updated because the Go API changed. They can
return
    status.New(codes.Unimplemented, "no node resource support").Err()
if they don't support the new ListAndWatchResources method and
structured parameters.

The controller in kubelet then synchronizes this information from the driver
with NodeResourceSlice objects, creating, updating and deleting them as needed.
 2024-03-07 22:22:13 +01:00
Patrick Ohly
5e40afca06 dra testing: add tests for structured parameters 
The test driver now supports a ConfigMap (as before) and the named resources
structured parameter model. It doesn't have any instance attributes.
 2024-03-07 22:22:13 +01:00
Patrick Ohly
6f1ddfcd2e kubelet: support structured parameters for preparing resources 
If the resource handle has data from a structured parameter model, then we need
to pass that to the DRA driver kubelet plugin. Because Kubernetes uses
gogo/protobuf, we cannot use "optional" for that new optional field and have to
resort to "repeated" with a single repetition if present.

This is a new, backwards-compatible field.

That extending the resource.k8s.io changes the checksum of a kubelet checkpoint
is unfortunate. Updating the test cases is a stop-gap measure, the actual
solution will have to be something else before beta.
 2024-03-07 22:22:13 +01:00
Patrick Ohly
4ed2b3eaeb scheduler_perf: test DRA with structured parameters 2024-03-07 22:21:58 +01:00
Patrick Ohly
d4d5ade7f5 dra: add "named resources" structured parameter model 
Like the current device plugin interface, a DRA driver using this model
announces a list of resource instances. In contrast to device plugins, this
list is made available to the scheduler together with attributes that can be
used to select suitable instances when they are not all alike.

Because this is the first structured parameter model, some checks that
previously were not possible, in particular "is one structured parameter field
set", now gets enabled. Adding another structured parameter model will be
similar.

The applyconfigs code generator assumes that all types in an API are defined in
a single package. If it wasn't for that, it would be possible to place the
"named resources" types in separate packages, which makes their names in the Go
code more natural and provides an indication of their stability level because
the package name could include a version.
 2024-03-07 22:21:16 +01:00
Peter Hunt
49ee96eed4 pod security test: add user namespaces feature 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-03-07 15:56:06 -05:00
Yuki Iwai
e216742672 Job: Support for the JobSuccessPolicy (alpha) 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-03-08 05:49:09 +09:00
Kubernetes Prow Robot
46f017a90b
Merge pull request #123770 from Jefftree/go-restful 
fix aggregator path filtering to include /
 2024-03-07 10:21:53 -08:00
Davanum Srinivas
b1341c8795
Revert portion of the GPU testcase 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-07 12:39:04 -05:00
Michal Wozniak
194009fac9 Add integration test for managedBy and cleanup of finalizers 2024-03-07 17:54:16 +01:00
Kubernetes Prow Robot
246e678acc
Merge pull request #123751 from mimowo/job-update-conformance-test 
Update Job conformance test for job status updates
 2024-03-07 07:49:24 -08:00
Patrick Ohly
39bbcedbca dra api: add structured parameters 
NodeResourceSlice will be used by kubelet to publish resource information on
behalf of DRA drivers on the node. NodeName and DriverName in
NodeResourceSlice must be immutable. This simplifies tracking the different
objects because what they are for cannot change after creation.

The new field in ResourceClass tells scheduler and autoscaler that they are
expected to handle allocation.

ResourceClaimParameters and ResourceClassParameters are new types for telling
in-tree components how to handle claims.
 2024-03-07 16:15:31 +01:00
Kubernetes Prow Robot
bf7fcfdc7f
Merge pull request #123776 from dims/adjust-gpu-test-to-work-with-latest-nvidia-daemonset 
Adjust GPU test to work with latest nvidia daemonset on AWS/ec2
 2024-03-07 06:30:55 -08:00
Kubernetes Prow Robot
a035f5b19e
Merge pull request #123774 from cici37/vapGA 
Enabled conformance test for GA feature.
 2024-03-07 06:30:48 -08:00
Davanum Srinivas
30857658e4
Adjust GPU test to work with latest nvidia daemonset 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-06 21:42:21 -05:00
Kubernetes Prow Robot
c726b2b3a3
Merge pull request #123431 from aramase/aramase/f/kep_3331_multiple_jwt_authenticator 
Support multiple JWT authenticators with structured authn config
 2024-03-06 17:37:29 -08:00
cici37
758dc53510 Enabled conformance test for VAP which is GAed. 2024-03-06 23:53:20 +00:00
Kubernetes Prow Robot
05cb0a55c8
Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api 
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
 2024-03-06 15:35:28 -08:00
Kubernetes Prow Robot
bd25605619
Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API
 2024-03-06 15:35:14 -08:00
Anish Ramasekar
39e1c9108c
Support multiple JWT authenticators with structured authn config 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-06 14:42:32 -08:00
Tim Allclair
0eb5f52d06 Rename AppArmor annotation constants with Deprecated 2024-03-06 10:46:31 -08:00
Jefftree
8373f3035a fix aggregator path filtering to include / 2024-03-06 13:33:33 -05:00
cpanato
70221e8405
[go] Bump images, dependencies and versions to go 1.22.1 and distroless iptables 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2024-03-06 13:09:17 -05:00
Michal Wozniak
1395c80109 Update Job conformance test to do a legal update 2024-03-06 14:00:21 +01:00
Tim Hockin
2e465cd6fa
Remove _tmp from test/images/image-util.sh 2024-03-05 21:44:46 -08:00
Kubernetes Prow Robot
2b521e5f8e
Merge pull request #123405 from cici37/vapGA 
[KEP-3488]Promote ValidatingAdmissionPolicy to GA
 2024-03-05 18:29:53 -08:00
Kubernetes Prow Robot
39b085d936
Merge pull request #121725 from cubxxw/patch-1 
fix: code style untidy  and update version.sh
 2024-03-05 18:29:44 -08:00
Kubernetes Prow Robot
87f9b3891e
Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
Kubernetes Prow Robot
5b4d97dc5a
Merge pull request #122541 from aojea/headless_selector 
Implement a field selector for ClusterIP on Services
 2024-03-05 17:30:57 -08:00
Kubernetes Prow Robot
3686ceb5b8
Merge pull request #122745 from kannon92/swap-no-swap-default 
[KEP-2400] add no swap as the default option for swap
 2024-03-05 16:32:40 -08:00
cici37
de506ce7ac Promote ValidatingAdmissionPolicy to GA. 2024-03-05 16:00:21 -08:00
Kubernetes Prow Robot
5fd38a8c78
Merge pull request #122907 from sohankunkerkar/prepare-kep-3983-for-beta 
[KEP-4419]: promote KubeletConfigDropInDir feature to beta
 2024-03-05 14:45:39 -08:00
Kubernetes Prow Robot
1e4124b081
Merge pull request #123726 from haircommander/kubelet_t 
e2e_node: use kubelet_exec_t instead of bin_t for kubelet
 2024-03-05 13:45:14 -08:00
Kubernetes Prow Robot
2bed0087c3
Merge pull request #123722 from atiratree/e2e-kubectl-delete-fix 
fix e2e test for kubectl interactive delete
 2024-03-05 13:45:07 -08:00
Kubernetes Prow Robot
df1eccae38
Merge pull request #123543 from jiahuif-forks/feature/validating-admission-policy/excluded-resources 
ValidatingAdmissionPolicy: exclude brink-able resources.
 2024-03-05 13:45:01 -08:00
Kubernetes Prow Robot
5f4a20e65d
Merge pull request #120718 from gjkim42/add-restartable-init-containers-to-pod-resources-api 
Make PodResources API include restartable init containers
 2024-03-05 13:44:54 -08:00
Kevin Hannon
6a4e19a4ec add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
Tim Allclair
207a965b3f Update AppArmor e2e tests 2024-03-05 12:22:50 -08:00
Filip Křepinský
7a57bcea6c fix e2e test for kubectl interactive delete 2024-03-05 19:57:28 +01:00
Peter Hunt
646d464203 e2e_node: use kubelet_exec_t instead of bin_t for kubelet 
as bin_t isn't powerful enough, and we run into a wack-a-mole situation making bin_t powerful
enough for the tests

Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-03-05 13:39:52 -05:00
Michał Woźniak
e568a77a93
Support for the Job managedBy field (alpha) (#123273) 
* support for the managed-by label in Job

* Use managedBy field instead of managed-by label

* Additional review remarks

* Review remarks 2

* review remarks 3

* Skip cleanup of finalizers for job with custom managedBy

* Drop the performance optimization

* imrpove logs
 2024-03-05 09:25:15 -08:00
Antonio Ojea
0595ec7942 implement field selector for clusterIP on services 
This will allow components that don't need to watch headless services
(heavily used on ai/ml workloads) to filter them server side.

Specially useful for kubelet and kube-proxy

Co-authored-by: Jianbo Ma <sakuranlbj@gmail.com>

Change-Id: I6434d2c8c77aaf725ec5c07acbcda14311f24bfa

Change-Id: Iba9e25afb90712facfb3dee25c500bbe08ef38fc
 2024-03-05 17:16:42 +00:00
Anish Ramasekar
b502aa6f31
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-05 09:10:34 -08:00
Kubernetes Prow Robot
74adc0b3f7
Merge pull request #122489 from carlory/fix-120080 
storage e2e: update hostpath and mock images
 2024-03-05 07:11:36 -08:00
Kubernetes Prow Robot
791fd50eeb
Merge pull request #123114 from bzsuni/cleanup/npd/v0.8.15 
Bump npd from v0.8.13 to v0.8.16
 2024-03-05 05:46:42 -08:00
Kubernetes Prow Robot
a33f8b8211
Merge pull request #122259 from pacoxu/enlarge-pod-delete-timeout 
use e2e f.Timeouts.PodDelete instead of 1 minute
 2024-03-05 05:46:29 -08:00
Kubernetes Prow Robot
d826407152
Merge pull request #122653 from ardaguclu/interactive-delete-e2e-test 
Add e2e test for kubectl interactive delete
 2024-03-05 03:08:59 -08:00
HirazawaUi
01689d0906 add e2e tests for relaxed validation 2024-03-05 17:09:15 +08:00
Kubernetes Prow Robot
50f4b1ea47
Merge pull request #123568 from enj/enj/i/jwt_username_required 
jwt: fail on empty username via CEL expression
 2024-03-04 20:07:33 -08:00
Kubernetes Prow Robot
439f7df65b
Merge pull request #122320 from armstrongli/master 
allow service NodePort to be updated to 0 in case AllocateLoadBalance…
 2024-03-04 18:38:05 -08:00
carlory
2bd7f4f8e0 storage e2e: update hostpath and mock images 2024-03-05 10:18:54 +08:00
bzsuni
9ac9fdac8f Bump npd from v0.8.13 to v0.8.16 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-03-05 09:30:28 +08:00
Kubernetes Prow Robot
6929a11f69
Merge pull request #123481 from sanposhiho/mindomain-stable 
graduate MinDomainsInPodTopologySpread to stable
 2024-03-04 17:18:53 -08:00
Kubernetes Prow Robot
f745503112
Merge pull request #123413 from seans3/tunneling-spdy-websockets 
PortForward: Tunnel SPDY through WebSockets
 2024-03-04 17:18:44 -08:00
Kubernetes Prow Robot
46a2137c1b
Merge pull request #123639 from liggitt/authz-metrics 
Add authorization webhook duration/count/failopen metrics
 2024-03-04 14:09:30 -08:00
Kubernetes Prow Robot
320e288b5e
Merge pull request #123628 from Jefftree/agg-conformance 
promote aggregated discovery conformance tests
 2024-03-04 11:23:59 -08:00
Sean Sullivan
8b447d8c97 portforward: tunnel spdy through websockets 2024-03-04 11:10:30 -08:00
Jordan Liggitt
79b344d85e
Add authorization webhook duration/count/failopen metrics 2024-03-04 14:01:15 -05:00
Monis Khan
8345ad0bac
jwt: fail on empty username via CEL expression 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-04 12:51:19 -05:00
Kubernetes Prow Robot
9043ce05c1
Merge pull request #123667 from jsafrane/selinux-metrics-access-mode 
Add label with access mode to SELinux metrics
 2024-03-04 08:25:39 -08:00
Jan Safranek
57d1b68dc2 Remove deprecated sets.String 2024-03-04 14:33:04 +01:00
Kubernetes Prow Robot
55d1518126
Merge pull request #123588 from pohly/scheduler-perf-any-cleanup 
scheduler_perf: automatically delete created objects
 2024-03-04 04:49:12 -08:00
Jan Safranek
c4163a9cb8 Add label with access mode to SELinux metrics 
In the KEP 1710 we promised to have all SELinux metrics with access mode
label, so cluster admin is able to distinguish when RWOP volumes are
failing to mount (-> SELinuxMountReadWriteOncePod feature gate must be
disabled) or volumes with any other access modes are failing (->
SELinuxMount feature gate must be disabled).

Adding the label to kubelet is quite straightforward, there were some
changes needed in the e2e test. Now grabMetrics() collects values of all
SELinux related metrics with all labels. It only skips unrelated volume
plugins. And waitForMetricIncrease gets metric with all labels on input, so
it can check that say RWOP metric increased and RWX one did not.
 2024-03-04 13:16:56 +01:00
Patrick Ohly
eb6abf0462 scheduler_perf: automatically delete created objects 
This is not relevant for namespaced objects, but matters for the cluster-scoped
ResourceClass during unit testing. This works right now because there is only
one such unit test, but will fail when adding a second one.

Instead of passing a boolean flag down into all functions where it might be
needed, it's now a context value.
 2024-03-04 09:54:38 +01:00
Kubernetes Prow Robot
d440ab18ce
Merge pull request #123656 from huww98/e2e-pod-fail-fast 
e2e pod: fail fast on failed pod
 2024-03-04 00:00:14 -08:00
Kubernetes Prow Robot
8c80c07e85
Merge pull request #123655 from huww98/mt-n 
agnhost/mounttest: add new line to output
 2024-03-03 22:29:44 -08:00
Kubernetes Prow Robot
e4a14fe0f5
Merge pull request #123575 from Huang-Wei/pod-scheduling-readiness-stable 
Graduate PodSchedulingReadiness to stable
 2024-03-03 22:29:38 -08:00
Kubernetes Prow Robot
d756b0a1c0
Merge pull request #123659 from dims/check-length-of-instance-name-before-truncating 
Check length of instance name before truncating
 2024-03-03 20:41:11 -08:00
Anish Ramasekar
78fb0bae22
wire up discovery url in authenticator 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-03 17:34:51 -08:00
Davanum Srinivas
c61b2a3975
Check length of instance name before truncating 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-03 18:49:57 -05:00
Kubernetes Prow Robot
d45d803ac4
Merge pull request #123657 from dims/switch-to-new-cos-gpu-installer-v2.1.10 
Switch to newer cos-gpu-installer - v2.1.10
 2024-03-03 13:20:51 -08:00
Kubernetes Prow Robot
ccb5dd3b57
Merge pull request #123652 from dims/ensure-gcp-instance-names-are-a-max-of-63-characters 
Ensure GCP instance names are a max of 63 characters
 2024-03-03 11:58:53 -08:00
Jefftree
ebcb78df52 promote aggregated discovery conformance tests 2024-03-03 14:29:25 -05:00
Davanum Srinivas
b33c5a8292
Switch to newer cos-gpu-installer - v2.1.10 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-03 14:22:24 -05:00
Davanum Srinivas
968aefd1bf
Ensure GCP instance names are a max of 63 characters 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-03 13:19:12 -05:00
huweiwen
c2ccb921ea e2e pod: fail fast on failed pod 
no need to wait until timeout. reduce test time
 2024-03-04 00:01:02 +08:00
huweiwen
c134bfe9eb agnhost/mounttest: add new line to output 
make the output easier to read.
 2024-03-03 23:46:22 +08:00
Kubernetes Prow Robot
3086d88dc6
Merge pull request #123614 from ameukam/bump-cuda-version 
test: Bump CUDA images
 2024-03-02 19:29:42 -08:00
Kubernetes Prow Robot
8674282a05
Merge pull request #123640 from liggitt/authz-beta-config 
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1
 2024-03-02 10:26:26 -08:00
Joe Betz
eb5f31b9e1 Add x-kubernetes-selectable-fields to fields excluded in publish openapi conformance comparisons 2024-03-02 11:14:06 -05:00
Kubernetes Prow Robot
61410237c3
Merge pull request #123636 from dims/rely-only-on-source-cli-parameter-in-conformance-walk 
Rely only on `source` cli parameter in conformance/walk
 2024-03-02 07:44:20 -08:00
Arnaud Meukam
3bada5d451
test: Bump CUDA images 
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
 2024-03-02 09:42:05 +01:00
Jordan Liggitt
0605a75c5e
Duplicate v1alpha1 AuthorizationConfiguration to v1beta1 2024-03-02 02:00:31 -05:00
Kubernetes Prow Robot
8845c4c657
Merge pull request #123135 from munnerz/4193-beta-promotion 
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
 2024-03-01 19:48:18 -08:00
Davanum Srinivas
948d9ca221
Rely only on source cli parameter in conformance/walk 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-01 21:58:54 -05:00
Kubernetes Prow Robot
3e1da21801
Merge pull request #123611 from ritazh/authz-mcmetrics 
Add authz webhook matchcondition metrics
 2024-03-01 18:49:17 -08:00
Kubernetes Prow Robot
f4b01154ef
Merge pull request #123622 from aauren/remove_same_node_nodeport_test 
e2e/service.go: remove same node nodeport test
 2024-03-01 16:59:56 -08:00
Kubernetes Prow Robot
cde4788a27
Merge pull request #123215 from adrianreber/2024-02-09-forensic-container-checkpointing-beta 
Switch 'ContainerCheckpoint' from Alpha to Beta
 2024-03-01 15:59:24 -08:00
Aaron U'Ren
d2051503a3
e2e/service.go: remove same node nodeport test 
Remove local pod -> local nodeport from service termination test
 2024-03-01 17:01:07 -06:00
Rita Zhang
e76fce7566
add authz webhook matchcondition metrics 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2024-03-01 14:41:27 -08:00
Kubernetes Prow Robot
3f25211d69
Merge pull request #122882 from Jefftree/agg-discovery-v2-usage 
Use Aggregated Discovery v2 types and promote to GA
 2024-03-01 14:41:02 -08:00
Sohan Kunkerkar
3b630ae1af test/e2e_node:add more coverage for the kubelet config drop-in dir feature 
Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
 2024-03-01 16:01:01 -05:00
Kubernetes Prow Robot
8b8d133770
Merge pull request #123564 from ivelichkovich/tests 
promote match conditions e2e tests to conformance
 2024-03-01 12:06:09 -08:00
Sohan Kunkerkar
b40b5f86d8 *: promote KubeletConfigDropInDir feature to beta 
This change removes the environment variable set during
the Alpha phase and prepares the feature for beta graduation.

xref: https://github.com/kubernetes/enhancements/pull/4419

Signed-off-by: Sohan Kunkerkar <sohank2602@gmail.com>
 2024-03-01 15:00:50 -05:00
Jefftree
462dd326c2 Use v2 types with agg discovery 2024-03-01 13:15:22 -05:00
Kubernetes Prow Robot
df366107d1
Merge pull request #123529 from thockin/go-workspaces 
Go workspaces for k/k and k/staging/*
 2024-03-01 08:43:03 -08:00
Igor Velichkovich
dde48918dd promote match conditions e2e tests to conformance 2024-03-01 10:04:42 -06:00
Kubernetes Prow Robot
055b51728c
Merge pull request #123554 from jsafrane/selinux-rwx-tests 
Add tests for SELinuxMount feature
 2024-03-01 06:43:17 -08:00
Jan Safranek
74417b517a Tag all feature gates required by a test 
Use all necessary feature gates in SELinuxMount tests.
 2024-03-01 14:38:24 +01:00