github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,980 Commits 1 Branch 31 Tags
52302e4ad51e6014d013df303219dffc310f565a
Commit Graph

49829 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
790dfdbe38 Merge pull request #125238 from munnerz/kep-4193-nodebinding-beta 
KEP-4193: promote ServiceAccountTokenNodeBinding feature to beta
 2024-05-31 12:27:18 -07:00
Kubernetes Prow Robot
6d0aab2e38 Merge pull request #125014 from carlory/fix-120287 
Remove volumesNeedReportedInUse for reconstructed volumes
 2024-05-31 05:32:24 -07:00
Kubernetes Prow Robot
4cc989a7a9 Merge pull request #124740 from bells17/use-sets-set-string 
[pkg/volume] Changed to use sets.Set[string] instead of sets.String
 2024-05-31 05:32:15 -07:00
James Munnelly
5481e630de KEP-4193: promote ServiceAccountTokenNodeBinding feature to beta 2024-05-31 12:16:03 +01:00
Kubernetes Prow Robot
6938c29a38 Merge pull request #125225 from aojea/ipmode 
fix loadbalancer status comparison
 2024-05-30 18:34:57 -07:00
Antonio Ojea
59adf3f833 remove unused function LoadBalancerStatusEqual 
It is duplicated in the cloud provider package, and is only used
there for the service load balancer controller.
 2024-05-30 23:03:54 +00:00
Kubernetes Prow Robot
f30a87d517 Merge pull request #122832 from benluddy/cbor-fuzz-native-to-unstructured-via 
KEP-4222: Add roundtrip tests to Unstructured via CBOR and JSON.
 2024-05-30 15:00:31 -07:00
Kubernetes Prow Robot
a0e3a70d53 Merge pull request #124671 from saschagrunert/logs-staging 
Move `pkg/kubelet/kuberuntime/logs` to `k8s.io/cri-client` staging
 2024-05-30 13:26:01 -07:00
Kubernetes Prow Robot
72226c7511 Merge pull request #123315 from bart0sh/PR134-graduate-DevicePluginCDIDevices-to-GA 
Graduate DevicePluginCDIDevices to GA
 2024-05-30 08:17:06 -07:00
Sascha Grunert
0c9949b6ec Move pkg/kubelet/kuberuntime/logs to k8s.io/cri-client staging 
Particulary helpful to decouple cri-tools from k/k.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-30 15:13:22 +02:00
Kubernetes Prow Robot
f44bb5e6e5 Merge pull request #125176 from mauri870/feature/testing-MainStart-go1.23 
pkg/util/coverage: update fakeTestDeps methods
 2024-05-29 15:40:38 -07:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
Ben Luddy
0600269c1a Fuzz roundtrip to Unstructured via both JSON and CBOR. 2024-05-29 17:48:10 -04:00
Kubernetes Prow Robot
ee2c1ffa80 Merge pull request #124630 from carlory/fix-123731 
DRA: scheduler: index claim and class parameters to simplify lookup
 2024-05-29 14:38:14 -07:00
Kubernetes Prow Robot
1ebc3d2a64 Merge pull request #120699 from liyuerich/ptrderefcontroller 
drop deprecated pointer package in controller
 2024-05-29 10:12:36 -07:00
Mauri de Souza Meneguzzo
b8e5a3ed32 pkg/util/coverage: update fakeTestDeps methods 
Go 1.23 changed the signature of the testDeps interface so we need to
add a blank implementation for InitRuntimeCoverage to fakeTestDeps.
 2024-05-29 12:31:22 -03:00
Kubernetes Prow Robot
da02fdb2ae Merge pull request #123339 from skitt/canonical-json-patch 
Update kustomize, use canonical json-patch v4 import
 2024-05-29 08:02:24 -07:00
Kubernetes Prow Robot
1ff1207d22 Merge pull request #124017 from carlory/rm-ctrl-flags 
kube-controller-manager removes deprecated command flags
 2024-05-28 10:54:22 -07:00
Kubernetes Prow Robot
fad52aedfc Merge pull request #125086 from oxxenix/exponential-backoff 
add exponential backoff in NodeResourceSlices controller
 2024-05-28 02:46:43 -07:00
Stephen Kitt
5300466a5c Use canonical json-patch v4 import 
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).

Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).

Signed-off-by: Stephen Kitt <skitt@redhat.com>
 2024-05-28 10:48:22 +02:00
Oksana Baranova
c4ec24890e nodeResourceSlicesController: add exponential backoff 2024-05-27 23:12:53 +03:00
Kubernetes Prow Robot
b2817dc432 Merge pull request #125040 from carlory/fix-125012 
Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser
 2024-05-27 04:58:20 -07:00
carlory
3072987fcc DRA: scheduler: index claim and class parameters to simplify lookup 2024-05-27 15:57:10 +08:00
carlory
214287b370 kube-controller-manager removed deprecated command flags: --volume-host-cidr-denylist and --volume-host-allow-local-loopback 2024-05-27 10:59:09 +08:00
Kubernetes Prow Robot
ef39aa896a Merge pull request #124948 from SataQiu/clean-20240519 
kube-controller-manager: remove the deprecated horizontal-pod-autoscaler-upscale-delay and horizontal-pod-autoscaler-downscale-delay flags
 2024-05-23 08:15:56 -07:00
Kubernetes Prow Robot
b42bb8fa58 Merge pull request #124060 from iholder101/swap/tmpfs-noswap 
[KEP-2400] Mount tmpfs memory-backed volumes with a noswap option if supported
 2024-05-23 07:02:03 -07:00
carlory
3812fa1d6d Fix kubelet on Windows fails if a pod has SecurityContext with RunAsUser. 
Co-authored-by: rphillips <rphillips@redhat.com>
 2024-05-23 12:44:51 +08:00
Kubernetes Prow Robot
dad8fe71f2 Merge pull request #124220 from HirazawaUi/fix-pod-restarted 
[kubelet]: fixed container restart due to pod spec field changes
 2024-05-22 15:43:36 -07:00
Kubernetes Prow Robot
74d578485d Merge pull request #123910 from MarSik/fix-printer-leap-y 
Fix printers tests - remove dependency on leap years
 2024-05-22 07:51:29 -07:00
HirazawaUi
3ec13c5e37 remove HashWithoutResources field 2024-05-22 10:01:31 +08:00
HirazawaUi
f6b650430a fixed container restart due to field changes 2024-05-22 09:55:46 +08:00
Kubernetes Prow Robot
0f584a9b86 Merge pull request #124933 from AxeZhan/fix_panic 
[Scheduler] Use allNodes when calculating nextStartNodeIndex
 2024-05-21 10:29:35 -07:00
Kubernetes Prow Robot
027f346f60 Merge pull request #124926 from kerthcet/feat/sharing-waitingPods 
enhancement(scheduler): share waitingPods among profiles
 2024-05-21 03:37:14 -07:00
carlory
2491560ae5 Remove volumesNeedReportedInUse for reconstructed volumes 2024-05-21 18:23:12 +08:00
Itamar Holder
a6b971f14b Use kubelet owned directories for mounting rather than /tmp 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
74f29880bd Replace log entry by a warning event 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
29535c0463 Warn of swap is enabled on the OS and tmpfs noswap is not supported 
When --fail-swap-on=false kubelet CLI argument
is provided, but tmpfs noswap is not supported
by the kernel, warn about the risks of memory-backed
volumes being swapped into disk

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
e7df4d17c4 Add a isSwapOnAccordingToProcSwaps() function and swap utils unit tests 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
2a174d09fa If the kernel version is at least 6.4, assume tmpfs noswap is supported 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
3b9b03935e unit test: Use tmpfs noswap if supported 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
fb6c78c90b Use tmpfs noswap if supported 
use the tmpfs noswap option in order
to mount memory-backed volumes if it's supported.

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
John McGrath
e72788d58e Revert "DisableServiceLinks admission controller" 2024-05-20 12:20:46 -05:00
Kubernetes Prow Robot
56147500da Merge pull request #124929 from HirazawaUi/remove-unused-proxy-function 
[kube-proxy]: Remove unused util functions
 2024-05-20 10:17:57 -07:00
Kubernetes Prow Robot
073c1596f2 Merge pull request #124602 from Iceber/fix_discovery_prioritized_versions 
fix the version order of 'discovery.k8s.io'
 2024-05-20 09:12:20 -07:00
HirazawaUi
facf702e64 Remove useless util functions 2024-05-20 19:57:43 +08:00
SataQiu
4bd3baece3 kube-controller-manager: remove the deprecated horizontal-pod-autoscaler-upscale-delay and horizontal-pod-autoscaler-downscale-delay flags 2024-05-19 17:49:23 +08:00
AxeZhan
d6d1e6ad8a base on allNodes when calculating nextStartNodeIndex 2024-05-18 00:30:38 +08:00
NoicFank
31a4b13238 enhancement(scheduler): share waitingPods among profiles 2024-05-17 17:07:27 +08:00
Kubernetes Prow Robot
0aa01be424 Merge pull request #124906 from liggitt/pod-list-panic 
Fix printPod panic with spurious container statuses
 2024-05-16 12:27:47 -07:00
Kubernetes Prow Robot
2a003648b0 Merge pull request #124793 from mimowo/fix-managed-by-comment 
Fix the comment for the Job managedBy field
 2024-05-16 10:50:57 -07:00