github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
123,142 Commits 1 Branch 31 Tags
9a830da048a436e445a612b51ffae9ecd0cc2d1d
Commit Graph

11335 Commits

Author SHA1 Message Date
Harshal Patil
966d304704 Report correct error after validating the root container 
Signed-off-by: Harshal Patil <harpatil@redhat.com>
 2024-06-11 16:42:59 -04:00
Kubernetes Prow Robot
d145bf0907 Merge pull request #125138 from AkihiroSuda/fix-125137 
kubelet: fix `Turning off swap in unprivileged tmpfs mounts unsupported`
 2024-06-09 19:43:11 -07:00
Kubernetes Prow Robot
f057f2de1c Merge pull request #124956 from TommyStarK/remove-deprecated-otel-noop-tracer 
cmd/kubelet: remove deprecated otel NewNoopTracerProvider
 2024-06-06 17:05:34 -07:00
Kubernetes Prow Robot
009a291573 Merge pull request #124677 from HirazawaUi/add-const-ContainerStatusUnknown 
kubelet: Use constant replace same value variables of the ContainerStateTerminated Reason field
 2024-06-06 17:05:23 -07:00
Kubernetes Prow Robot
e702c2e0b6 Merge pull request #124574 from zhangweikop/master 
enable kubelet server to dynamically load tls certificate files
 2024-06-06 09:16:29 -07:00
Wei Zhang
af2b0bdb05 add test 2024-06-06 03:07:40 +00:00
Wei Zhang
1b303fe5da enable kubelet server to dynamically load tls certificate files 2024-06-06 03:07:16 +00:00
Kubernetes Prow Robot
9c4181e234 Merge pull request #119786 from bzsuni/ut/pkg/kubelet/util 
[UT] add ut for pkg/kubelet/util
 2024-06-04 11:23:28 -07:00
Kubernetes Prow Robot
6d0aab2e38 Merge pull request #125014 from carlory/fix-120287 
Remove volumesNeedReportedInUse for reconstructed volumes
 2024-05-31 05:32:24 -07:00
Kubernetes Prow Robot
4cc989a7a9 Merge pull request #124740 from bells17/use-sets-set-string 
[pkg/volume] Changed to use sets.Set[string] instead of sets.String
 2024-05-31 05:32:15 -07:00
Sascha Grunert
0c9949b6ec Move pkg/kubelet/kuberuntime/logs to k8s.io/cri-client staging 
Particulary helpful to decouple cri-tools from k/k.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-30 15:13:22 +02:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
Kubernetes Prow Robot
fad52aedfc Merge pull request #125086 from oxxenix/exponential-backoff 
add exponential backoff in NodeResourceSlices controller
 2024-05-28 02:46:43 -07:00
Oksana Baranova
c4ec24890e nodeResourceSlicesController: add exponential backoff 2024-05-27 23:12:53 +03:00
Akihiro Suda
b3175b8e99 kubelet: fix Turning off swap in unprivileged tmpfs mounts unsupported 
Fix issue 125137

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-05-27 19:07:06 +09:00
Kubernetes Prow Robot
b42bb8fa58 Merge pull request #124060 from iholder101/swap/tmpfs-noswap 
[KEP-2400] Mount tmpfs memory-backed volumes with a noswap option if supported
 2024-05-23 07:02:03 -07:00
Kubernetes Prow Robot
dad8fe71f2 Merge pull request #124220 from HirazawaUi/fix-pod-restarted 
[kubelet]: fixed container restart due to pod spec field changes
 2024-05-22 15:43:36 -07:00
TommyStarK
c0ed4972ac kubelet: remove deprecated otel NewNoopTracerProvider 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2024-05-22 17:38:20 +02:00
HirazawaUi
3ec13c5e37 remove HashWithoutResources field 2024-05-22 10:01:31 +08:00
HirazawaUi
f6b650430a fixed container restart due to field changes 2024-05-22 09:55:46 +08:00
carlory
2491560ae5 Remove volumesNeedReportedInUse for reconstructed volumes 2024-05-21 18:23:12 +08:00
Itamar Holder
a6b971f14b Use kubelet owned directories for mounting rather than /tmp 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
74f29880bd Replace log entry by a warning event 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
29535c0463 Warn of swap is enabled on the OS and tmpfs noswap is not supported 
When --fail-swap-on=false kubelet CLI argument
is provided, but tmpfs noswap is not supported
by the kernel, warn about the risks of memory-backed
volumes being swapped into disk

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
e7df4d17c4 Add a isSwapOnAccordingToProcSwaps() function and swap utils unit tests 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
2a174d09fa If the kernel version is at least 6.4, assume tmpfs noswap is supported 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
fb6c78c90b Use tmpfs noswap if supported 
use the tmpfs noswap option in order
to mount memory-backed volumes if it's supported.

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Kubernetes Prow Robot
06b813fd29 Merge pull request #124634 from saschagrunert/cri-staging-code 
Move `pkg/kubelet/cri/remote` to `cri-client`
 2024-05-16 07:33:06 -07:00
Kubernetes Prow Robot
a7ece470e5 Merge pull request #124063 from olyazavr/immediate-eviction-grace-period-fix 
fix grace period used for immediate evictions
 2024-05-15 16:14:12 -07:00
Sascha Grunert
2aa9e76be1 Move pkg/kubelet/cri/remote to cri-client 
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-14 10:58:18 +02:00
Kubernetes Prow Robot
8352c09592 Merge pull request #124323 from bart0sh/PR142-dra-fix-cache-integrity 
kubelet: DRA: fix cache integrity
 2024-05-13 09:54:02 -07:00
Kubernetes Prow Robot
63e85caac5 Merge pull request #124741 from saschagrunert/remote-runtime-logging 
Make remote runtime and image service logging independent
 2024-05-13 08:52:32 -07:00
Kubernetes Prow Robot
c12f6941a0 Merge pull request #124739 from saschagrunert/timeout-error 
Remove CRI `TimeoutError` type
 2024-05-13 08:52:23 -07:00
Davanum Srinivas
fd06dcd604 Switch hard error to a WARNING for kernel version check 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-12 20:23:48 -04:00
bells17
8cf18d1b5c [pkg/volume] Changed to use sets.Set[string] instead of sets.String 2024-05-11 18:02:45 +09:00
Kubernetes Prow Robot
1af6bc992c Merge pull request #123845 from HirazawaUi/promote-DisableNodeKubeProxyVersion-to-beta 
promote DisableNodeKubeProxyVersion feature gate to beta
 2024-05-08 12:23:19 -07:00
Sascha Grunert
9c712466f6 Make remote runtime and image service logging independent 
It's now possible to pass around the `*klog.Logger` which can also be
`nil` to disable logging at all.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-08 10:32:21 +02:00
Sascha Grunert
36b7d55355 Remove CRI TimeoutError type 
The type is a lefover of dockershim and can be replaced by golang native
error wrapping.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-08 09:26:19 +02:00
Davanum Srinivas
8597b343fa Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-07 16:01:42 -04:00
Kubernetes Prow Robot
1dc30bf90f Merge pull request #124600 from alvaroaleman/typed-wq 
Use the generic/typed workqueue throughout
 2024-05-06 16:18:31 -07:00
Kubernetes Prow Robot
4d17d30029 Merge pull request #124519 from dims/drop-all-the-providery-things-take-2 
Remove gcp in-tree cloud provider and credential providers
 2024-05-06 08:03:14 -07:00
Alvaro Aleman
6d0ac8c561 Use the generic/typed workqueue throughout 
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
 2024-05-04 14:33:12 -04:00
Ed Bartosh
f24134d7b2 kubelet: DRA: add unit test for ClaimInfo and claimInfoCache 2024-05-03 13:30:31 +00:00
Ed Bartosh
6ce294558a kubelet: DRA: add stress test 
The tests calls PrepareResources and UnprepareResources API in
parallel to help discover race conditions.
 2024-05-03 13:30:29 +00:00
Kevin Klues
86a18d5333 kubelet: DRA: update manager test to adhere to new claiminfo cache APIs 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:28:37 +00:00
Kevin Klues
805e7c3434 kubelet: DRA: remove check to set pluginName to DriverName if not in ResourceHandle 
It has always been validated that a ResourceHandle MUST have DriverName set, so
this check is unnecessary.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
f80be2728e kubelet: DRA: change key of claimInfo cache to "namespace/claimname" 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
639e887631 kubelet: DRA: add a reconcile loop to unprepare claims for deleted pods 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
a8931c6c25 kubelet: DRA: update locking/checkpoint semantics of the claimInfo cache 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:27 +00:00
HirazawaUi
7a4531c5ba add ContainerStatusUnknown constant 2024-05-03 00:27:19 +08:00