github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93,054 Commits 1 Branch 31 Tags 1,019 MiB
479249b3a3
Commit Graph

39582 Commits

Author SHA1 Message Date
Wei Huang
4e8ccf0187
Refactor and expose common preemption functions 2020-07-11 23:17:21 -07:00
Kubernetes Prow Robot
d06ff65943
Merge pull request #92876 from Huang-Wei/pdbLister 
Add pdbLister as a member field of struct DefaultPreemption
 2020-07-11 20:57:42 -07:00
Kubernetes Prow Robot
c23a4b08d7
Merge pull request #92874 from chelseychen/event-api 
Fix a few places where source field is empty when creating events via events/v1
 2020-07-11 20:57:31 -07:00
Kubernetes Prow Robot
11348a38d7
Merge pull request #92871 from liggitt/kube-features 
Move proxy features to kube_features
 2020-07-11 20:57:22 -07:00
Kubernetes Prow Robot
63926cf8e7
Merge pull request #92862 from giuseppe/cgroup-fix-leaks 
vendor: update github.com/opencontainers/runc
 2020-07-11 20:57:11 -07:00
Kubernetes Prow Robot
fa31f9fd26
Merge pull request #92860 from aojea/iptMonitor 
iptables: don't do reverse DNS lookups
 2020-07-11 20:57:02 -07:00
Kubernetes Prow Robot
016c2f64de
Merge pull request #92840 from adtac/listers 
selectorspread: access listers in plugin instantiation
 2020-07-11 20:56:23 -07:00
Kubernetes Prow Robot
67ec4b3cd7
Merge pull request #92838 from tnqn/endpointslicetrack-leak 
Fix memory leak in endpointSliceTracker
 2020-07-11 20:56:13 -07:00
Kubernetes Prow Robot
76e3b255e1
Merge pull request #92836 from aojea/minsyncperiod 
kube-proxy iptables min-sync-period default 1sec
 2020-07-11 20:56:03 -07:00
Kubernetes Prow Robot
23903c7f7c
Merge pull request #92825 from ZeroMagic/azurefile-tag 
Add tags support for Azure File Driver
 2020-07-11 20:55:50 -07:00
Hemant Kumar
ade2f83685 Simplify the code 2020-07-11 23:29:24 -04:00
Christian Huffman
9a7b073f4d Updated fuzzer to get RoundTripTest passing 2020-07-11 23:29:24 -04:00
Christian Huffman
e65f0f565a Updated dependencies 2020-07-11 23:29:24 -04:00
Christian Huffman
58bd3e5230 Include CSIDriver SupportsFsGroup 2020-07-11 23:29:24 -04:00
Kubernetes Prow Robot
70f68dbf74
Merge pull request #92856 from saschagrunert/psp-seccomp-ga 
Implement PodSecurityPolicy enforcement for seccomp GA
 2020-07-11 15:35:22 -07:00
Joe Betz
b12ac0abc6 Enable nested tracing, add request filter chain tracing incl. authn/authz tracing 2020-07-11 06:42:00 -07:00
Hemant Kumar
b8c0435bc2 Handle volume-in-use error 2020-07-11 09:02:58 -04:00
Kubernetes Prow Robot
93e76f5081
Merge pull request #92442 from tedyu/grace-period-with-map 
Respect grace period when removing mirror pod
 2020-07-10 17:49:23 -07:00
Kubernetes Prow Robot
5a5cb56e11
Merge pull request #92816 from divyenpatel/change-migration-flag-to-beta 
Set CSIMigrationvSphere feature gates to beta
 2020-07-10 15:43:21 -07:00
Kubernetes Prow Robot
36b4c2942b
Merge pull request #92815 from Huang-Wei/bypass-prefilter-svcaffinity 
Bypass PreFilter in ServiceAfffinity if AffinityLabels arg is not present
 2020-07-10 15:43:11 -07:00
Kubernetes Prow Robot
fbc9cf0894
Merge pull request #92797 from ahg-g/ahg-prefilter 
Return a FitError when PreFilter fails with unschedulable status
 2020-07-10 15:42:31 -07:00
Kubernetes Prow Robot
26da0ea91e
Merge pull request #92794 from klueska/upstream-more-tests-get-preferred-allocation 
Add more tests for device plugin's GetPreferredAllocation() API
 2020-07-10 15:42:21 -07:00
Kubernetes Prow Robot
0cb7e320a5
Merge pull request #92784 from pohly/generic-ephemeral-inline-volumes 
generic ephemeral inline volumes
 2020-07-10 15:41:46 -07:00
Kubernetes Prow Robot
a6378d8b12
Merge pull request #92779 from fisherxu/patch-2 
Return err when create ContainerLogsDir failed
 2020-07-10 15:41:37 -07:00
Kubernetes Prow Robot
4efed03276
Merge pull request #91637 from robscott/endpointslice-mirroring 
Adding new EndpointSlice Mirroring Controller
 2020-07-10 10:19:48 -07:00
Sascha Grunert
96fb83c4c1
Implement PodSecurityPolicy enforcement for seccomp GA 
This implements the necessary pieced for the PodSecurityPolicy
enforcement like described in the appropriate KEP section:

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190717-seccomp-ga.md#podsecuritypolicy-enforcement

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-10 15:55:21 +02:00
Kubernetes Prow Robot
26f0227019
Merge pull request #91408 from saschagrunert/seccomp-api-migration 
Add seccomp GA version skew for pods
 2020-07-10 04:29:48 -07:00
Kubernetes Prow Robot
dd649bb7ef
Merge pull request #91342 from mgugino-upstream-stage/evict-deleted-ok 
Eviction: ignore PDBs if pods with DeletionTimestamp
 2020-07-09 15:30:33 -07:00
Patrick Ohly
ff3e5e06a7 GenericEphemeralVolume: initial implementation 
The implementation consists of
- identifying all places where VolumeSource.PersistentVolumeClaim has
  a special meaning and then ensuring that the same code path is taken
  for an ephemeral volume, with the ownership check
- adding a controller that produces the PVCs for each embedded
  VolumeSource.EphemeralVolume
- relaxing the PVC protection controller such that it removes
  the finalizer already before the pod is deleted (only
  if the GenericEphemeralVolume feature is enabled): this is
  needed to break a cycle where foreground deletion of the pod
  blocks on removing the PVC, which waits for deletion of the pod

The controller was derived from the endpointslices controller.
 2020-07-09 23:29:24 +02:00
David Ashpole
1f70708f6c update cAdvisor to v0.37.0 2020-07-09 10:23:10 -07:00
Kubernetes Prow Robot
3a5e7ea986
Merge pull request #92752 from chendave/skip_preemption 
Cut off the cost to run filter plugins when no victim pods are found
 2020-07-09 09:10:10 -07:00
Kubernetes Prow Robot
10aeb93e07
Merge pull request #92736 from robscott/endpointslice-proxying-beta 
Graduating EndpointSliceProxying to beta for Linux
 2020-07-09 09:09:48 -07:00
Kubernetes Prow Robot
d9b084a9d1
Merge pull request #89629 from fatedier/subpath 
Modified subpath configmap mount fails when container restarts
 2020-07-09 09:06:32 -07:00
David Eads
1233a6f63e generated 2020-07-09 08:14:55 -04:00
David Eads
e88fecf26b allow setting different certificates for kube-controller-managed CSR signers 2020-07-09 08:14:55 -04:00
Kubernetes Prow Robot
70e09f2c24
Merge pull request #88842 from angao/fit-arg 
add args for NodeResourcesFit plugin
 2020-07-09 05:04:10 -07:00
Patrick Ohly
32fdf688b3 GenericEphemeralVolume: 'make update' for API 2020-07-09 11:03:03 +02:00
Patrick Ohly
c05c8e915b GenericEphemeralVolume: feature gate, API, documentation 
As explained in
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1698-generic-ephemeral-volumes,
CSI inline volumes are not suitable for more "normal" kinds of storage
systems. For those a new approach is needed: "generic ephemeral inline
volumes".
 2020-07-09 11:02:59 +02:00
Giuseppe Scrivano
0d2a493a8f
kubelet: skip setting the devices cgroup 
use the new libcontainer feature of skipping setting the devices
cgroup.  This is necessary on cgroup v2 to avoid leaking a eBPF
program every time the cgroup is re-configured.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2020-07-09 09:37:46 +02:00
Kubernetes Prow Robot
83f50ba0e8
Merge pull request #92542 from dgrisonnet/cli-fix-event-series 
Fix v1beta1.Event printing in kubectl
 2020-07-09 00:05:30 -07:00
Kubernetes Prow Robot
55d77ade67
Merge pull request #92489 from alculquicondor/sig-storage-ownership 
Add SIG storage owner aliases
 2020-07-09 00:05:20 -07:00
Kubernetes Prow Robot
94a08e159a
Merge pull request #92387 from pohly/csi-storage-capacity 
CSI storage capacity check
 2020-07-09 00:04:59 -07:00
Kubernetes Prow Robot
c2e6e147be
Merge pull request #92160 from YuikoTakada/add_deprecated_description_scheduling_duration_seconds 
Add Deprecated description to metrics scheduling_duration_seconds
 2020-07-09 00:04:48 -07:00
Kubernetes Prow Robot
1e3eeba9fa
Merge pull request #91577 from knabben/kubelet-bootstrap 
kubelet: remove the --bootstrap-checkpoint-path feature
 2020-07-09 00:03:41 -07:00
Kubernetes Prow Robot
4ee555252c
Merge pull request #83710 from edwardstudy/ed/typo 
Fix comment typos in pkg/kubelet/prober
 2020-07-09 00:02:58 -07:00
ZeroMagic
7e7cf6a314 add tags support for azure file driver 
Signed-off-by: ZeroMagic <jiliu8@microsoft.com>
 2020-07-09 03:47:24 +00:00
Paulo Gomes
b451563560
Add seccomp least privilege for kuberuntime 2020-07-08 22:03:29 +01:00
Ted Yu
a76a959294 Respect grace period when removing mirror pod 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-07-08 13:38:24 -07:00
Joel Smith
f34b586d01 Include pod /etc/hosts in ephemeral storage calculation for eviction 2020-07-08 12:58:11 -06:00
Wei Huang
d65a97848e
codegen 2020-07-08 09:58:42 -07:00
Wei Huang
4b26ef2217
Remove DisablePreemption field from SchedulerConfig v1beta1 
DisablePreemption field can be removed as it can be deduced from PostFilterPlugins.
 2020-07-08 09:58:42 -07:00
Antonio Ojea
924553b7ee iptables don't do reverse DNS lookups 
the iptables monitor was using iptables -L to list the chains,
without the -n option, so it was trying to do reverse DNS lookups.
A side effect is that it was holding the lock, so other components
could not use it.
We can use -S instead of -L -n to avoid this, since we only want
to check the chain exists.
 2020-07-08 18:39:22 +02:00
Anthony ARNAUD
056d73b1a1
Add deviceManager in windows container manager 2020-07-08 18:22:16 +02:00
Divyen Patel
e01de65444 setting CSIMigrationvSphere feature gates to beta 2020-07-08 07:36:44 -07:00
Chelsey Chen
e010436e2a Update conversion between ReportingController and Source.Component 2020-07-08 08:46:38 -04:00
andyzhangx
f007c68ae9 doc: deprecate azure blob disk feature 2020-07-08 10:48:58 +00:00
Damien Grisonnet
ceb8c2fbf4 Fix v1beta1 events printing in kubectl 
printers: handle series when printing events
printers: handle singleton when printing events

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
 2020-07-08 12:09:41 +02:00
Rob Scott
8039cf9bb1
Graduating EndpointSliceProxying to beta for Linux 2020-07-07 14:18:03 -07:00
Wei Huang
9d377eb655
Add pdbLister as a member field of struct DefaultPreemption 2020-07-07 12:25:53 -07:00
Jordan Liggitt
8d03ace92b Move proxy features to kube_features 2020-07-07 12:34:18 -04:00
Quan Tian
087682584d Fix memory leak in endpointSliceTracker 
endpointSliceTracker creates a set of resource versions for each
service, the resource versions in the set could be deleted when
endpointslices are deleted, but the set and its key in the map is never
deleted, leading to memory leak.

This patch deletes the set if the service is deleted, and stops
initializing an empty set when "read-only" methods "Has" and "Stale" are
called.
 2020-07-08 00:15:30 +08:00
Kubernetes Prow Robot
5afc42de95
Merge pull request #78373 from tedyu/sort-init-container 
Sort init container statuses using non-nested loop
 2020-07-07 09:13:58 -07:00
Adhityaa Chandrasekar
832a53acdb selectorspread: access listers in plugin instantiation 2020-07-07 14:45:28 +00:00
Aldo Culquicondor
27ec356d76 Add SIG storage owner aliases 
And give ownership to pkg/scheduler/framework/plugins/volumebinding

Signed-off-by: Aldo Culquicondor <acondor@google.com>
Change-Id: I4bd89b1745a2be0e458601056ab905bdd6692195
 2020-07-07 10:26:16 -04:00
Kubernetes Prow Robot
7e75a5ef43
Merge pull request #87273 from SaranBalaji90/kubelet-log-file 
Add support for disabling /logs endpoint in kubelet
 2020-07-07 04:09:58 -07:00
Antonio Ojea
f8e64d31f9 kube-proxy iptables min-sync-period default 1sec 
Currently kube-proxy defaults the min-sync-period for
iptables to 0. However, as explained by Dan Winship,

"With minSyncPeriod: 0, you run iptables-restore 100 times.
 With minSyncPeriod: 1s , you run iptables-restore once.
 With minSyncPeriod: 10s , you also run iptables-restore once,
 but you might have to wait 10 seconds first"
 2020-07-07 11:23:00 +02:00
Kubernetes Prow Robot
aaf40adcd0
Merge pull request #92461 from Haleygo/001 
update static check failed from pkg/volume/rbd
 2020-07-07 00:57:58 -07:00
Kevin Klues
26cb650655 Remove unnecessary union after call to GetPreferredAllocation() 
There is no need to try and allocate already-allocated devices again.
 2020-07-07 06:35:57 +00:00
Kevin Klues
67ecc11c44 Harden callGetPreferredAllocationIfAvailable() return value 
Previously, we didn't check the contents of the result after calling out
to the plugin endpoint. This could have resulted in errors if the plugin
returned either 'nil' or an empty result. This patch fixes this.
 2020-07-07 06:35:57 +00:00
Kevin Klues
d87365494a Fix bug in call to callGetPreferredAllocationIfAvailable() 
Previously, we were passing the variable 'devices' to this function,
when we should have been passing 'allocated'. This bug crept in due to a
variable name change that didn't propogate its way through the entire
function. The tests added in the previous commit would have caught this.
 2020-07-07 06:35:57 +00:00
Kevin Klues
d551ab1e78 Add tests to check paramaters passed to GetPreferredAllocation() 
These tests uncovered some small bugs that will be fixed in a subsequent
set of commits.
 2020-07-07 06:35:57 +00:00
Dave Chen
028af0970f Cut off the cost to run filter plugins when no victim pods are found 
If no potential victims could be found, there is no need to evaluate the node
again, since its state didn't change.

It's safe to return and thus prevent scheduling from running the filter plugins
again.

NOTE:
A node that is filtered out by filter plugins could pass the filter plugins if
there is a change on that node, i.e. pods termination on that node.

Previously, this could be either caught by the normal `schedule` or `preempt` (pods
are terminated when the preemption logic tries to find the nodes and re-evaluate
the filter plugins.)

Actually, this shouldn't be taken care by the preemption, consider the routine
of `schedule` is always running when the interval is "zero", let `schedule`
take care of it will release `preempt` from something irrelevant with the `preemption`.

Due to above reason, couple of testcase as well as the logic of checking the existence
of victim pods are removed as it will never happen after the change.

Signed-off-by: Dave Chen <dave.chen@arm.com>
 2020-07-07 09:55:34 +08:00
Fei Xu
34826c82be Return err when create ContainerLogsDir failed 2020-07-07 09:36:35 +08:00
Rob Scott
fa59370e93
Adding new logging, event, and metric to better capture when mirroring addresses is skipped 2020-07-06 12:43:35 -07:00
Rob Scott
e701cb0205
Enabling the EndpointSliceMirroring controller, adding related config 2020-07-06 12:43:34 -07:00
Rob Scott
0695896caa
Updating apiserver Endpoints management to set skip-mirror label 
This will ensure that the self-referential kubernetes Endpoints
resources is not mirrored by the EndpointSliceMirroring controller.
 2020-07-06 12:43:33 -07:00
Rob Scott
8691466059
Adding EndpointSliceMirroring controller 
This will mirror custom Endpoints to EndpointSlices to ensure that
applications will not need to maintain both separately.
 2020-07-06 12:43:33 -07:00
Abdullah Gharaibeh
c98dee4945 Return a FitError when PreFilter fails with unschedulable status 2020-07-06 15:02:07 -04:00
Patrick Ohly
0efbbe8555 CSIStorageCapacity: check for sufficient storage in volume binder 
This uses the information provided by a CSI driver deployment for
checking whether a node has access to enough storage to create the
currently unbound volumes, if the CSI driver opts into that checking
with CSIDriver.Spec.VolumeCapacity != false.

This resolves a TODO from commit 95b530366a.
 2020-07-06 19:20:10 +02:00
Kubernetes Prow Robot
a26e5881d8
Merge pull request #92786 from answer1991/feature/enhance-bootstrap-certificate 
make Kubelet bootstrap certificate signal aware
 2020-07-06 09:52:52 -07:00
Sri Saran Balaji Vellore Rajakumar
05240c9218 Add support for disabling /logs endpoint in kubelet 2020-07-06 07:52:30 -07:00
chenjun.cj
db71941775 make Kubelet bootstrap certificate signal aware 2020-07-06 22:30:27 +08:00
Sascha Grunert
c3ba2d8b8b
Add seccomp GA version skew for pods 
This adds a new conversion function to the pod strategy to handle the
seccomp version skew strategy:

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190717-seccomp-ga.mdversion-skew-strategy

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 16:06:24 +02:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields 
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 09:13:25 +01:00
Wei Huang
07583bf95b
Bypass PreFilter in ServiceAfffinity if AffinityLabels arg is not present 2020-07-05 23:37:04 -07:00
Kubernetes Prow Robot
9e70d6f805
Merge pull request #91738 from jsafrane/fix-iscsi-metadata 
iscsi: don't write json medata file when the volume is already mounted.
 2020-07-04 16:06:48 -07:00
Kubernetes Prow Robot
393f9e94e4
Merge pull request #92417 from wawa0210/ipam-staticcheck 
Ipam staticcheck
 2020-07-04 00:30:48 -07:00
Kubernetes Prow Robot
86096addb1
Merge pull request #92689 from chendave/fix_testcase 
Fix the nits found in the testcases of `PodTopologySpread`
 2020-07-03 20:31:26 -07:00
Kubernetes Prow Robot
efb56da4a5
Merge pull request #92665 from klueska/upstream-add-get-preferred-allocation-api 
Add GetPreferredAllocation() call to the v1beta1 device plugin API
 2020-07-03 20:31:16 -07:00
Kubernetes Prow Robot
d3aafb231b
Merge pull request #92609 from andrewsykim/ipvs-binded-addr 
proxier/ipvs: check already binded addresses in the IPVS dummy interface
 2020-07-03 20:31:02 -07:00
Kubernetes Prow Robot
faff3c5378
Merge pull request #91527 from danwinship/ipfamily-api-docs 
api: update Service.Spec.IPFamily docs
 2020-07-03 16:36:47 -07:00
Patrick Ohly
9a66e8e1b5 CSIStorageCapacity: 'make update' 2020-07-03 21:54:14 +02:00
Patrick Ohly
1089954fa6 CSIStorageCapacity: CSIDriver.Spec.StorageCapacity field 
This is needed to inform the Kubernetes pod scheduler whether it has
to check CSIStorageCapacity objects for available capacity.
 2020-07-03 21:54:14 +02:00
Patrick Ohly
22aeb81e84 CSIStorageCapacity: CSIStorageCapacity API 
This adds the CSIStorageCapacity API change for
https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1472-storage-capacity-tracking
 2020-07-03 21:54:14 +02:00
Kevin Klues
5bd0db0b1f Add new test cases for GetPreferredAllocation() in allocation path 2020-07-03 13:01:32 +00:00
Kevin Klues
83f18d9975 Remove unnecessary field from TestTopologyAlignedAllocation() test cases 2020-07-03 13:01:32 +00:00
Kevin Klues
bb08fd1135 Add a simple endpoint test for GetPreferredAllocation() 
More extensive tests that exercise the allocation logic are to follow.
 2020-07-03 13:01:32 +00:00
Kevin Klues
cbd405d85c Update existing tests in support of GetPreferredallocation() 2020-07-03 13:01:32 +00:00
Kubernetes Prow Robot
b6cbe1b8de
Merge pull request #92662 from chelseychen/event-api-fallback 
Switch event recorder to use events.k8s.io/v1
 2020-07-03 05:03:15 -07:00
Kubernetes Prow Robot
19883b50f8
Merge pull request #92604 from soulxu/fix_preemption_with_nominated_node 
The Pod is eligible to preempt when previous nominanted node is UnschedulableAndUnresolvable
 2020-07-03 05:03:01 -07:00