github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,629 Commits 1 Branch 31 Tags
699984f25a80a39bbb112e657f08d76779cdc3a0
Commit Graph

49365 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
699984f25a Merge pull request #123641 from liggitt/authz-config-beta-gate 
Promote StructuredAuthorizationConfiguration feature gate to beta
 2024-03-04 18:38:23 -08:00
Kubernetes Prow Robot
5b6d8a4293 Merge pull request #123532 from serathius/separate-rpc 
Move cacher watch to separate rpc preventing starvation
 2024-03-04 18:38:14 -08:00
Kubernetes Prow Robot
439f7df65b Merge pull request #122320 from armstrongli/master 
allow service NodePort to be updated to 0 in case AllocateLoadBalance…
 2024-03-04 18:38:05 -08:00
Kubernetes Prow Robot
6929a11f69 Merge pull request #123481 from sanposhiho/mindomain-stable 
graduate MinDomainsInPodTopologySpread to stable
 2024-03-04 17:18:53 -08:00
Kubernetes Prow Robot
f745503112 Merge pull request #123413 from seans3/tunneling-spdy-websockets 
PortForward: Tunnel SPDY through WebSockets
 2024-03-04 17:18:44 -08:00
Kubernetes Prow Robot
e4ee7b005c Merge pull request #123323 from gjkim42/add-ValidateInitContainerStateTransition 
Validate restartable init container state transition
 2024-03-04 16:21:30 -08:00
Kubernetes Prow Robot
1c789a9d46 Merge pull request #122422 from neolit123/1.30-update-hostaliases-note 
core/v1: remove note about hostAliases not working with hostNetwork
 2024-03-04 16:21:21 -08:00
Kubernetes Prow Robot
46a2137c1b Merge pull request #123639 from liggitt/authz-metrics 
Add authorization webhook duration/count/failopen metrics
 2024-03-04 14:09:30 -08:00
Kubernetes Prow Robot
6c8dc1d1ed Merge pull request #123609 from veshij/fix 
[kubernetes/scheduler] use lockless diagnosis collection in findNodes…
 2024-03-04 11:23:50 -08:00
Kubernetes Prow Robot
4ed7f6b4c4 Merge pull request #123583 from saschagrunert/image-id-container-status 
Add `image_id` to CRI `ContainerStatus` message
 2024-03-04 11:23:41 -08:00
Sean Sullivan
8b447d8c97 portforward: tunnel spdy through websockets 2024-03-04 11:10:30 -08:00
Jordan Liggitt
79b344d85e Add authorization webhook duration/count/failopen metrics 2024-03-04 14:01:15 -05:00
Kubernetes Prow Robot
89cbd94e68 Merge pull request #123593 from giuseppe/userns-use-kubelet-user-mappings 
KEP-127: kubelet: honor kubelet user mappings
 2024-03-04 10:24:52 -08:00
Kubernetes Prow Robot
d34fbeb0a3 Merge pull request #123446 from linxiulei/hit_cache 
Hit APIServer cache when testing healthiness
 2024-03-04 10:24:45 -08:00
Jan Safranek
c4163a9cb8 Add label with access mode to SELinux metrics 
In the KEP 1710 we promised to have all SELinux metrics with access mode
label, so cluster admin is able to distinguish when RWOP volumes are
failing to mount (-> SELinuxMountReadWriteOncePod feature gate must be
disabled) or volumes with any other access modes are failing (->
SELinuxMount feature gate must be disabled).

Adding the label to kubelet is quite straightforward, there were some
changes needed in the e2e test. Now grabMetrics() collects values of all
SELinux related metrics with all labels. It only skips unrelated volume
plugins. And waitForMetricIncrease gets metric with all labels on input, so
it can check that say RWOP metric increased and RWX one did not.
 2024-03-04 13:16:56 +01:00
Marek Siarkowicz
31d404b182 Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior 2024-03-04 12:51:06 +01:00
Kubernetes Prow Robot
e4a14fe0f5 Merge pull request #123575 from Huang-Wei/pod-scheduling-readiness-stable 
Graduate PodSchedulingReadiness to stable
 2024-03-03 22:29:38 -08:00
Kubernetes Prow Robot
1fceb815ac Merge pull request #123437 from tenzen-y/fix-job-validatioin-test-name 
Job: Fix test case names for the validations
 2024-03-02 13:33:18 -08:00
Kubernetes Prow Robot
4164e7c3a7 Merge pull request #123629 from thockin/master 
Get rid of unused API type NodeResources
 2024-03-02 12:33:18 -08:00
Rodrigo Campos
6174f199df kublet/userns: Add test switching feature gate off/on 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
4bb508dd30 kubelet/userns: Add unit test 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
0b69c2bc81 kubelet/userns: Use kubelet maxPods 
We don't have the alpha limitation anymore, let's just use the kubelet
maxPods instead of our hardcoded 1024 max.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
39c6815676 kubelet/userns: Remove alpha maxPods limitation 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
4180284dc9 pkg/kubelet/userns: Remove outdated test 
When we were alocating the whole UID space, the first range was reserved
to the host. Now we don't allocate the whole UID space, but just the
range configured, so the first range doesn't point to [0;65535] anymore,
so no need to test it is always set.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:43 +01:00
Giuseppe Scrivano
4c81e5c9dc features: promote UserNamespacesSupport to beta 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:43 +01:00
Giuseppe Scrivano
87a057d417 KEP-127: kubelet: honor kubelet user mappings 
allow to specify what IDs must be used by the kubelet to create user
namespaces.

If no additional UIDs/GIDs are not allocated to the "kubelet" user,
then the kubelet assumes it can use any ID on the system.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:39 +01:00
Jordan Liggitt
30256c8909 Promote StructuredAuthorizationConfiguration feature gate to beta 2024-03-02 02:12:36 -05:00
Kubernetes Prow Robot
8845c4c657 Merge pull request #123135 from munnerz/4193-beta-promotion 
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
 2024-03-01 19:48:18 -08:00
Kubernetes Prow Robot
3e1da21801 Merge pull request #123611 from ritazh/authz-mcmetrics 
Add authz webhook matchcondition metrics
 2024-03-01 18:49:17 -08:00
Kubernetes Prow Robot
673d3c9e70 Merge pull request #122693 from yanggangtony/fix_kubelet_server_journal_linux 
Fix kubelet_server_journal --until parms.
 2024-03-01 16:59:38 -08:00
Kubernetes Prow Robot
cde4788a27 Merge pull request #123215 from adrianreber/2024-02-09-forensic-container-checkpointing-beta 
Switch 'ContainerCheckpoint' from Alpha to Beta
 2024-03-01 15:59:24 -08:00
Tim Hockin
467d5d745c Get rid of unused API type NodeResources 2024-03-01 15:13:50 -08:00
Rita Zhang
e76fce7566 add authz webhook matchcondition metrics 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2024-03-01 14:41:27 -08:00
Jefftree
301e804c3f Promote AggregatedDiscovery to GA 2024-03-01 13:15:22 -05:00
Kubernetes Prow Robot
24267f6aa7 Merge pull request #122438 from kannon92/splitfs-tests 
[KEP - 4191]: Use Cadvisor labels rather than hard coding them into kubelet
 2024-03-01 10:04:57 -08:00
Kubernetes Prow Robot
df366107d1 Merge pull request #123529 from thockin/go-workspaces 
Go workspaces for k/k and k/staging/*
 2024-03-01 08:43:03 -08:00
Oleg Guba
ba525460e0 change result size to numAllNodes 2024-03-01 02:06:17 -08:00
Kubernetes Prow Robot
ed1cc43cf7 Merge pull request #123399 from pohly/test-context-use-cancellation 
test: use cancellation from ktesting
 2024-03-01 01:03:23 -08:00
Kubernetes Prow Robot
6cc77a577e Merge pull request #123560 from ivelichkovich/master 
kep-3716 GA, remove feature gate
 2024-02-29 22:53:38 -08:00
Kubernetes Prow Robot
a6b806910a Merge pull request #123534 from kannon92/fix-downward-api-comment 
uid is also supported in field ref for downward api
 2024-02-29 22:53:29 -08:00
Patrick Ohly
1d653e6185 test: use cancelation from ktesting 
The return type of ktesting.NewTestContext is now a TContext. Code
which combined it WithCancel often didn't compile anymore (cannot overwrite
ktesting.TContext with context.Context). This is a good thing because all of
that code can be simplified to let ktesting handle the cancelation.
 2024-03-01 07:51:22 +01:00
Kevin Hannon
d58ff6c056 allow for cadvisor to detect split filesystem and add some e2e tests 2024-03-01 01:15:53 -05:00
Tim Hockin
16c26b22cb Run latest openapi generation 2024-02-29 22:07:38 -08:00
Tim Hockin
d6cf98f8ac Remove errant +required with no validation code 2024-02-29 22:07:37 -08:00
Tim Hockin
6420e64662 Move go-header-file flag to each tool 
Also remove the build-tag flag (unused, untested).

This changes some output comments (less redundant).
 2024-02-29 22:07:17 -08:00
Tim Hockin
6dbc754ed6 Retool typecheck to be simpler 
Instead of walking paths ourselves, just let Go's packages library do
it.  This is a slight CLI change - it wants "./foo" rather than "foo".

This also flagged a few things which seem to be legit failures.
 2024-02-29 22:07:00 -08:00
Tim Hockin
d772f7719d Remove defunct references to "vendor" 2024-02-29 22:06:52 -08:00
Tim Hockin
b3dd724174 Remove dep on set-gen: gone in gengo/v2 2024-02-29 22:06:18 -08:00
Tim Hockin
b725fd20c2 Fix update/verify-mocks.sh 
There appears to be a bug in `go generate` for workspaces which will be
fixed in the 1.22.1 release.
 2024-02-29 22:06:00 -08:00
Oleg Guba
e6dd36759f [kubernetes/scheduler] use lockless diagnosis collection in findNodesThatPassFilters 2024-02-29 20:43:50 -08:00