github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
103,312 Commits 1 Branch 31 Tags
20d3bc32ac7489b94de0b0e1feff7894d79fbe9e
Commit Graph

42844 Commits

Author SHA1 Message Date
Tim Hockin
5970c4671c Add an IPFamily() method to ipallocator 2021-07-01 18:26:44 -07:00
Tim Hockin
89b633d353 Fix doc comment 2021-07-01 18:26:44 -07:00
Kubernetes Prow Robot
25bbe2ebc5 Merge pull request #99594 from cofyc/kep1845-api 
Prioritizing nodes based on volume capacity: API changes
 2021-07-01 15:35:51 -07:00
Kubernetes Prow Robot
43ebff8fa4 Merge pull request #103306 from swetharepakula/convert-proxy 
Kubeproxy uses V1 EndpointSlice
 2021-07-01 14:28:11 -07:00
Kubernetes Prow Robot
062bc359ca Merge pull request #102444 from sanwishe/resourceStartTime 
Expose container start time in kubelet /metrics/resource endpoint
 2021-07-01 14:27:51 -07:00
Kubernetes Prow Robot
b0af328e6e Merge pull request #103326 from pacoxu/safe-sysctls 
Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl
 2021-07-01 09:49:55 -07:00
pacoxu
2cab85a403 Mark net.ipv4.ip_unprivileged_port_start as a safe sysctl 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-07-01 10:31:21 +08:00
Yecheng Fu
b522e95aae Prioritizing nodes based on volume capacity: API changes 2021-07-01 10:00:59 +08:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kir Kolyshkin
ab5b77944e kubelet/cm: don't set Devices 
Since runc 1.0.0 it is now sufficient to have SkipDevices: true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2021-06-30 16:17:35 -07:00
Kubernetes Prow Robot
385402d506 Merge pull request #103082 from chrishenzie/read-write-once-pod-access-mode-scheduler 
Enforce ReadWriteOncePod during scheduling
 2021-06-30 16:11:36 -07:00
Kubernetes Prow Robot
98d20f552b Merge pull request #99378 from mattcary/api 
StatefulSet PersistentVolumeClaimDeletePolicy
 2021-06-30 11:49:03 -07:00
Chris Henzie
7ad44d04fc Enforce ReadWriteOncePod access mode during scheduling 
Check the PVC ref count on the node info cache to determine if a pod's
PVCs are in use. If they are and it is using ReadWriteOncePod, fail the
request.
 2021-06-30 10:40:14 -07:00
Dave Chen
1fa673c15c Extent the NodeResourcesBalancedAllocation plugin to cover more resources 
Signed-off-by: Dave Chen <dave.chen@arm.com>
 2021-06-30 11:15:12 +08:00
Shiming Zhang
212ce7c287 Shorten test time 2021-06-30 09:48:26 +08:00
Kubernetes Prow Robot
21f41b8e82 Merge pull request #101711 from hbagdi/ingressclass-namespaced-params-beta 
graduate IngressClassNamespacedParams to beta
 2021-06-29 17:07:03 -07:00
Kubernetes Prow Robot
e0f66be1aa Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score 
Add score func for NodeResourcesFit plugin
 2021-06-29 13:42:20 -07:00
Harry Bagdi
f0d917a3ca add fuzzer patch to fix tests 2021-06-29 12:59:59 -07:00
Elana Hashman
39f32d7286 Ensure MemorySwapConfig can't be set without feature flag 2021-06-29 12:08:25 -07:00
Elana Hashman
d4041cb80f Add generated files for swap API changes 2021-06-29 12:08:25 -07:00
Elana Hashman
d3fd1362ca Rename NoSwap to LimitedSwap as workloads may still swap 
Also made the options a kubelet type, address API review feedback
 2021-06-29 12:08:21 -07:00
Elana Hashman
0deef4610e Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled 2021-06-29 11:59:02 -07:00
Elana Hashman
7342acb0b8 Add validation for KubeletConfig MemorySwap 2021-06-29 11:59:01 -07:00
Elana Hashman
bda03b4818 API change: add MemorySwap to KubeletConfiguration 2021-06-29 11:58:59 -07:00
Elana Hashman
0dd4ce40ad Add NodeSwapEnabled feature flag 2021-06-29 11:57:34 -07:00
yuzhiquan
deb14b995a Add score plugin for NodeResourcesFit 2021-06-29 13:16:55 -04:00
Chris Henzie
ebc3fdb293 Store PVC reference counts in NodeInfo cache 
This map will be queried as part of enforcement of the ReadWriteOncePod
access mode for PVCs
 2021-06-29 10:07:32 -07:00
Kubernetes Prow Robot
01819dd322 Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode 
ReadWriteOncePod access mode for PVs and PVCs
 2021-06-29 10:04:40 -07:00
Kubernetes Prow Robot
756203fda0 Merge pull request #102576 from dobsonj/101911 
kubelet: do not call RemoveAll on volumes directory for orphaned pods
 2021-06-29 06:54:40 -07:00
Shiming Zhang
a42c066af7 Fix Data Race in nodeshutdown restart 2021-06-29 16:23:45 +08:00
Kubernetes Prow Robot
1151dc1ee5 Merge pull request #103138 from sbangari/winDsrLoadBalancerServiceFix 
Loadbalancer IngressIP policy should be configured as non-DSR to enable routing mesh by default
 2021-06-28 23:26:51 -07:00
Chris Henzie
b7d732d3d6 Map PV access modes to CSI access modes 2021-06-28 21:25:38 -07:00
Chris Henzie
8db83c89aa CSI client helpers for NodeGetCapabilities 2021-06-28 21:25:37 -07:00
Chris Henzie
5f98f6cfa4 Update helper methods to print and parse ReadWriteOncePod access mode 2021-06-28 21:25:37 -07:00
Chris Henzie
2b98f8edc7 Enforce ReadWriteOncePod access mode during mount 2021-06-28 21:25:37 -07:00
Chris Henzie
7491d01651 Validate use of the ReadWriteOncePod access mode 
This will only work if the "ReadWriteOncePod" feature gate is enabled.
Additionally, this access mode will only work when used by itself. This
is because when ReadWriteOncePod is used on a PV or PVC, it renders all
other access modes useless since it is most restrictive.
 2021-06-28 21:25:37 -07:00
Chris Henzie
48ba5020a2 ReadWriteOncePod PV access mode and feature gate 2021-06-28 21:25:35 -07:00
Chris Henzie
358d2e0bd1 Export contains access mode helper method 
Will be used during validation of PVs and PVCs
 2021-06-28 21:24:56 -07:00
Chris Henzie
83e3ee780a Rename access mode contains helper method 
So it is consistent with other methods performing the same check (one
for internal and external types)
 2021-06-28 21:24:56 -07:00
Chris Henzie
dba8ee229e Add validation options for PersistentVolumeClaims 
These options provide an extensible way of configuring how PVCs are
validated
 2021-06-28 21:24:55 -07:00
Chris Henzie
9ba0eed7c5 Add validation options for PersistentVolumes 
These options provide an extensible way of configuring how PVs are
validated
 2021-06-28 21:24:55 -07:00
Kubernetes Prow Robot
d92f6c424d Merge pull request #103099 from liggitt/podsecurity 
PodSecurity admission
 2021-06-28 20:46:52 -07:00
Kubernetes Prow Robot
db3a216fbb Merge pull request #97238 from andrewsykim/kube-proxy-handle-terminating 
kube-proxy handle terminating endpoints
 2021-06-28 20:46:40 -07:00
Kubernetes Prow Robot
15d3c3a5e2 Merge pull request #102821 from ehashman/phase-fix 
Ensure kubelet statuses can handle loss of container runtime state
 2021-06-28 15:38:40 -07:00
Kubernetes Prow Robot
38f012320f Merge pull request #101947 from cynepco3hahue/memory_manager_move_to_beta 
memory manager: move to beta
 2021-06-28 15:38:28 -07:00
Jordan Liggitt
f39bddd767 PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
Jordan Liggitt
65a42a483c PodSecurity: pkg/features: feature gate 2021-06-28 17:45:35 -04:00
Kubernetes Prow Robot
51e1969d9c Merge pull request #103133 from marwanad/allow-scheduler-to-patch-conditions 
switch scheduler to generate the merge patch on pod status instead of the full pod
 2021-06-28 12:46:28 -07:00
Marwan Ahmed
48dfa2a554 generate scheduler merge patches on the pod status instead of the full pod 2021-06-28 09:35:55 -07:00
Aditi Sharma
def93317b4 Kubelet Credential Provider 
Improve concurrency and cache for credential provider

Removed lock from "Provide" as it can be called in parallel
from image puller. To avoid execing for the same image concurrently
wrapped exec in singleflight.

Purging the cache for expried data with 15mins interval only when
a request for credential is made.

KEP:2133

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-06-28 21:15:03 +05:30