Commit Graph

49815 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
f44bb5e6e5 Merge pull request #125176 from mauri870/feature/testing-MainStart-go1.23
pkg/util/coverage: update fakeTestDeps methods
2024-05-29 15:40:38 -07:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842)
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so as to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS dependent field.

* Make `ContainerStatus.User` the user identity initially attached to the first process in the ContainerStatus

This is because the process identity can be dynamic if the initially attached identity
has enough privilege to call the setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
2024-05-29 15:40:29 -07:00
Kubernetes Prow Robot
ee2c1ffa80 Merge pull request #124630 from carlory/fix-123731
DRA: scheduler: index claim and class parameters to simplify lookup
2024-05-29 14:38:14 -07:00
Kubernetes Prow Robot
1ebc3d2a64 Merge pull request #120699 from liyuerich/ptrderefcontroller
drop deprecated pointer package in controller
2024-05-29 10:12:36 -07:00
Mauri de Souza Meneguzzo
b8e5a3ed32 pkg/util/coverage: update fakeTestDeps methods
Go 1.23 changed the signature of the testDeps interface so we need to
add a blank implementation for InitRuntimeCoverage to fakeTestDeps.
2024-05-29 12:31:22 -03:00
Kubernetes Prow Robot
da02fdb2ae Merge pull request #123339 from skitt/canonical-json-patch
Update kustomize, use canonical json-patch v4 import
2024-05-29 08:02:24 -07:00
Kubernetes Prow Robot
1ff1207d22 Merge pull request #124017 from carlory/rm-ctrl-flags
kube-controller-manager removes deprecated command flags
2024-05-28 10:54:22 -07:00
Kubernetes Prow Robot
fad52aedfc Merge pull request #125086 from oxxenix/exponential-backoff
add exponential backoff in NodeResourceSlices controller
2024-05-28 02:46:43 -07:00
Stephen Kitt
5300466a5c Use canonical json-patch v4 import
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).

Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).

Signed-off-by: Stephen Kitt <skitt@redhat.com>
2024-05-28 10:48:22 +02:00
Oksana Baranova
c4ec24890e nodeResourceSlicesController: add exponential backoff 2024-05-27 23:12:53 +03:00
Kubernetes Prow Robot
b2817dc432 Merge pull request #125040 from carlory/fix-125012
Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser
2024-05-27 04:58:20 -07:00
carlory
3072987fcc DRA: scheduler: index claim and class parameters to simplify lookup 2024-05-27 15:57:10 +08:00
carlory
214287b370 kube-controller-manager removed deprecated command flags: --volume-host-cidr-denylist and --volume-host-allow-local-loopback 2024-05-27 10:59:09 +08:00
Kubernetes Prow Robot
ef39aa896a Merge pull request #124948 from SataQiu/clean-20240519
kube-controller-manager: remove the deprecated horizontal-pod-autoscaler-upscale-delay and horizontal-pod-autoscaler-downscale-delay flags
2024-05-23 08:15:56 -07:00
Kubernetes Prow Robot
b42bb8fa58 Merge pull request #124060 from iholder101/swap/tmpfs-noswap
[KEP-2400] Mount tmpfs memory-backed volumes with a noswap option if supported
2024-05-23 07:02:03 -07:00
carlory
3812fa1d6d Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser.
Co-authored-by: rphillips <rphillips@redhat.com>
2024-05-23 12:44:51 +08:00
Kubernetes Prow Robot
dad8fe71f2 Merge pull request #124220 from HirazawaUi/fix-pod-restarted
[kubelet]: fixed container restart due to pod spec field changes
2024-05-22 15:43:36 -07:00
Kubernetes Prow Robot
74d578485d Merge pull request #123910 from MarSik/fix-printer-leap-y
Fix printers tests - remove dependency on leap years
2024-05-22 07:51:29 -07:00
HirazawaUi
3ec13c5e37 remove HashWithoutResources field 2024-05-22 10:01:31 +08:00
HirazawaUi
f6b650430a fixed container restart due to field changes 2024-05-22 09:55:46 +08:00
Kubernetes Prow Robot
0f584a9b86 Merge pull request #124933 from AxeZhan/fix_panic
[Scheduler] Use allNodes when calculating nextStartNodeIndex
2024-05-21 10:29:35 -07:00
Kubernetes Prow Robot
027f346f60 Merge pull request #124926 from kerthcet/feat/sharing-waitingPods
enhancement(scheduler): share waitingPods among profiles
2024-05-21 03:37:14 -07:00
Itamar Holder
a6b971f14b Use kubelet owned directories for mounting rather than /tmp
Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
74f29880bd Replace log entry by a warning event
Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
29535c0463 Warn if swap is enabled on the OS and tmpfs noswap is not supported
When --fail-swap-on=false kubelet CLI argument
is provided, but tmpfs noswap is not supported
by the kernel, warn about the risks of memory-backed
volumes being swapped into disk

Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
e7df4d17c4 Add a isSwapOnAccordingToProcSwaps() function and swap utils unit tests
Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
2a174d09fa If the kernel version is at least 6.4, assume tmpfs noswap is supported
Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
3b9b03935e unit test: Use tmpfs noswap if supported
Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
Itamar Holder
fb6c78c90b Use tmpfs noswap if supported
use the tmpfs noswap option in order
to mount memory-backed volumes if it's supported.

Signed-off-by: Itamar Holder <iholder@redhat.com>
2024-05-21 13:18:16 +03:00
John McGrath
e72788d58e Revert "DisableServiceLinks admission controller" 2024-05-20 12:20:46 -05:00
Kubernetes Prow Robot
56147500da Merge pull request #124929 from HirazawaUi/remove-unused-proxy-function
[kube-proxy]: Remove unused util functions
2024-05-20 10:17:57 -07:00
Kubernetes Prow Robot
073c1596f2 Merge pull request #124602 from Iceber/fix_discovery_prioritized_versions
fix the version order of 'discovery.k8s.io'
2024-05-20 09:12:20 -07:00
HirazawaUi
facf702e64 Remove useless util functions 2024-05-20 19:57:43 +08:00
SataQiu
4bd3baece3 kube-controller-manager: remove the deprecated horizontal-pod-autoscaler-upscale-delay and horizontal-pod-autoscaler-downscale-delay flags 2024-05-19 17:49:23 +08:00
AxeZhan
d6d1e6ad8a base on allNodes when calculating nextStartNodeIndex 2024-05-18 00:30:38 +08:00
NoicFank
31a4b13238 enhancement(scheduler): share waitingPods among profiles 2024-05-17 17:07:27 +08:00
Kubernetes Prow Robot
0aa01be424 Merge pull request #124906 from liggitt/pod-list-panic
Fix printPod panic with spurious container statuses
2024-05-16 12:27:47 -07:00
Kubernetes Prow Robot
2a003648b0 Merge pull request #124793 from mimowo/fix-managed-by-comment
Fix the comment for the Job managedBy field
2024-05-16 10:50:57 -07:00
Kubernetes Prow Robot
06b813fd29 Merge pull request #124634 from saschagrunert/cri-staging-code
Move `pkg/kubelet/cri/remote` to `cri-client`
2024-05-16 07:33:06 -07:00
Jordan Liggitt
5c1660c5e9 Fix printPod panic with spurious container statuses 2024-05-16 09:16:37 -04:00
Kubernetes Prow Robot
60ca8489be Merge pull request #124790 from carlory/cleanup-volume-cluster
Remove clusterName from VolumeOptions
2024-05-15 17:23:12 -07:00
Kubernetes Prow Robot
a7ece470e5 Merge pull request #124063 from olyazavr/immediate-eviction-grace-period-fix
fix grace period used for immediate evictions
2024-05-15 16:14:12 -07:00
Kubernetes Prow Robot
59da2738ee Merge pull request #124798 from mimowo/do-not-remove-job-finalizers-from-crd
Do not clean Job tracking finalizer for Pods owned by non-batch/Job
2024-05-14 13:54:25 -07:00
Toru Komatsu
5722db7aa3 QueueingHint for CSILimit when deleting pods (#121508)
Signed-off-by: utam0k <k0ma@utam0k.jp>
2024-05-14 11:07:11 -07:00
Michal Wozniak
a6c9d5ba00 Do not remove Job's finalizer from Pod owned by a non-batch/v1 Job 2024-05-14 17:29:23 +02:00
Sascha Grunert
2aa9e76be1 Move pkg/kubelet/cri/remote to cri-client
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2024-05-14 10:58:18 +02:00
carlory
21baa25e1a remove BulkVolumeVerifier interface from volume 2024-05-14 14:17:25 +08:00
Kubernetes Prow Robot
4f04dffe5b Merge pull request #124826 from mjudeikis/mjudeikis/plugins.move.to.generics
Move to generics for sets in kubeapiserver plugins
2024-05-13 14:09:58 -07:00
Kubernetes Prow Robot
59ba132f16 Merge pull request #124544 from carlory/remove-cephfs
remove the support for in-tree volume plugin cephfs
2024-05-13 14:09:52 -07:00
Kubernetes Prow Robot
8352c09592 Merge pull request #124323 from bart0sh/PR142-dra-fix-cache-integrity
kubelet: DRA: fix cache integrity
2024-05-13 09:54:02 -07:00