* api changes adding match conditions
* feature gate and registry strategy to drop fields
* matchConditions logic for admission webhooks
* feedback
* update test
* import order
* bears.com
* update fail policy ignore behavior
* update docs and matcher to hold fail policy as non-pointer
* update matcher error aggregation, fix early fail failpolicy ignore, update docs
* final cleanup
* openapi gen
* redefine app protocol and add standard values
* change k8s.io/http2 to k8s.io/h2c
* address feedback
* Update staging/src/k8s.io/api/discovery/v1/types.go
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
* remove kubernetes.io/tcp and change wording
---------
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
This PR makes the NodePrepareResources() and NodeUnprepareResource()
calls of the kubeletplugin API for DynamicResourceAllocation
symmetrical. It wasn't clear how one would use the set of CDIDevices
passed back in the NodeUnprepareResource() of the v1alpha1 API, and the
new API now passes back the full ResourceHandle that was originally
passed to the Prepare() call. Passing the ResourceHandle is strictly
more informative and a plugin could always (re)derive the set of
CDIDevice from it.
This is a breaking change, but this release is scheduled to break
multiple APIs for DynamicResourceAllocation, so it makes sense to do
this now instead of later.
Signed-off-by: Kevin Klues <kklues@nvidia.com>
To improve wall-clock speed, we run list operations in parallel. This
particularly helps when the round-trip time is high.
We issue requests as quickly as possible, kube-apiservers should all
have priority and fairness at this point and we don't want to
duplicate/fight that system.
They contain some nice-to-have improvements (for example, better printing of
errors with gomega/format.Object) but nothing that is critical right now.
"go mod tidy" was run manually in
staging/src/k8s.io/kms/internal/plugins/mock (https://github.com/kubernetes/kubernetes/pull/116613
not merged yet).
It is possible for a KMSv2 plugin to return a static value as Ciphertext
and store the actual encrypted DEK in the annotations. In this case,
using the encDEK will not work. Instead, we are now using a combination
of the encDEK, keyID and annotations to generate the cache key.
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
The Poll* methods predate context in Go, and the current implementation
will return ErrWaitTimeout even if the context is cancelled, which
prevents callers who are using Poll* from handling that error directly
(for instance, if you want to cancel a function in a controlled fashion
but still report cleanup errors to logs, you want to know the difference
between 'didn't cancel', 'cancelled cleanly', and 'hit an error).
This commit adds two new methods that reflect how modern Go uses
context in polling while preserving all Kubernetes-specific behavior:
PollUntilContextCancel
PollUntilContextTimeout
These methods can be used for infinite polling (normal context),
timed polling (deadline context), and cancellable poll (cancel context).
All other Poll/Wait methods are marked as deprecated for removal in
the future. The ErrWaitTimeout error will no longer be returned from the
Poll* methods, but will continue to be returned from ExponentialBackoff*.
Users updating to use these new methods are responsible for converting
their error handling as appropriate. A convenience helper
`Interrupted(err) bool` has been added that should be used instead of
checking `err == ErrWaitTimeout`. In a future release ErrWaitTimeout will
be made private to prevent incorrect use. The helper can be used with all
polling methods since context cancellation and deadline are semantically
equivalent to ErrWaitTimeout. A new `ErrorInterrupted(cause error)` method
should be used instead of returning ErrWaitTimeout in custom code.
The convenience method PollUntilContextTimeout is added because deadline
context creation is verbose and the cancel function must be called to
properly cleanup the context - many of the current poll users would see
code sizes increase. To reduce the overall method surface area, the
distinction between PollImmediate and Poll has been reduced to a single
boolean on PollUntilContextCancel so we do not need multiple helper methods.
The existing methods were not altered because ecosystem callers have been
observed to use ErrWaitTimeout to mean "any error that my condition func
did not return" which prevents cancellation errors from being returned
from the existing methods. Callers must make a deliberate migration.
Callers migrating to `PollWithContextCancel` should:
1. Pass a context with a deadline or timeout if they were previously using
`Poll*Until*` and check `err` for `context.DeadlineExceeded` instead of
`ErrWaitTimeout` (more specific) or use `Interrupted(err)` for a generic
check.
2. Callers that were waiting forever or for context cancellation should
ensure they are checking `context.Canceled` instead of `ErrWaitTimeout`
to detect when the poll was stopped early.
Callers of `ExponentialBackoffWithContext` should use `Interrupted(err)`
instead of directly checking `err == ErrWaitTimeout`. No other changes are
needed.
Code that returns `ErrWaitTimeout` should instead define a local cause
and return `wait.ErrorInterrupted(cause)`, which will be recognized by
`wait.Interrupted()`. If nil is passed the previous message will be used
but clients are highly recommended to use typed checks vs message checks.
As a consequence of this change the new methods are more efficient - Poll
uses one less goroutine.
