github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,162 Commits 1 Branch 31 Tags
a23e278d1519efc89c16f360121325f0211d635d
Commit Graph

11253 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
bbfd2145de Merge pull request #124091 from bitoku/dra-nil-check 
kubelet: add nil check for Node(Un)PrepareResources.
 2024-04-18 10:46:05 -07:00
Kubernetes Prow Robot
32a3cbc51d Merge pull request #124245 from wojtek-t/informer_options 
Allow for configuring MinWatchTimeout in reflector
 2024-04-18 03:24:57 -07:00
Kubernetes Prow Robot
9c9a9b7c48 Merge pull request #124242 from carlory/cleanup-after-NewVolumeManagerReconstruction-ga 
remove unneeded func SyncReconstructedVolume from ActualStateOfWorld
 2024-04-18 03:24:50 -07:00
Kubernetes Prow Robot
ca1a134a41 Merge pull request #123977 from wojtek-t/avoid_node_gets 
Get node from local cache instead of kube-apiserver cache for kubelet status updates
 2024-04-18 02:10:44 -07:00
Kubernetes Prow Robot
da6be3b718 Merge pull request #123548 from Songjoy/fix-code 
Delete a stale code comment
 2024-04-18 00:01:10 -07:00
Kubernetes Prow Robot
ef2c682635 Merge pull request #122082 from carlory/remove-keep-terminated-pod-volumes 
keep-terminated-pod-volumes flag on kubelet is removed
 2024-04-17 23:59:54 -07:00
Kubernetes Prow Robot
3fda574e5e Merge pull request #121770 from frzifus/tracing_kubelet_read-only 
pass tracerprovider to kublet-readonly server
 2024-04-17 23:59:33 -07:00
Kubernetes Prow Robot
528cff12f6 Merge pull request #120969 from skitt/uber-go-mock 
Switch from golang/mock to uber-go/mock
 2024-04-17 23:59:24 -07:00
Wojciech Tyczyński
36141fa6fb Bump min watch timeout for secret & configmap manager in Kubelet 2024-04-10 19:36:29 +02:00
Maksym Pavlenko
be4b7176dc Fix Abs path validation on Windows (#124084) 
* Windows: Consider slash-prefixed paths as absolute

filepath.IsAbs does not consider "/" or "\" as absolute paths, even
though files can be addressed as such. [1][2]

Currently, there are some unit tests that are failing on Windows due to
this reason.

[1] https://learn.microsoft.com/en-us/dotnet/standard/io/file-path-formats#traditional-dos-paths
[2] https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#fully-qualified-vs-relative-paths

* Add test to verify IsAbs for windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Fix abs path validation on windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Skipp path clean check for podLogDir on windows

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Implement IsPathClean to validate path

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

* Add warn comment for IsAbs

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>

---------

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Co-authored-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
 2024-04-10 10:13:59 -07:00
carlory
a6b2619274 remove unneeded func SyncReconstructedVolume from ActualStateOfWorld 2024-04-09 15:34:33 +08:00
Ayato Tokubi
d04f87abde add nil check for Node(Un)PrepareResources. 
Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
 2024-04-04 23:24:25 +00:00
Fabio Bertinatto
c893c48432 Use the right feature gate when updating uncertain volumes 2024-03-25 16:47:08 -03:00
Wojciech Tyczyński
a36665113e Get node from local cache instead of kube-apiserver cache 2024-03-18 21:22:00 +01:00
HirazawaUi
10b6319e64 fix slow dra unit test 2024-03-16 22:21:15 +08:00
Ed Bartosh
26881132bd kubelet: assign Node as an owner for the ResourceSlice 
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
 2024-03-15 09:46:13 +02:00
Kubernetes Prow Robot
d194e6d06c Merge pull request #123932 from pohly/dra-api-resource-model-rename 
dra api: NodeResourceModel -> ResourceModel
 2024-03-14 12:11:35 -07:00
Patrick Ohly
a0add8d2c7 dra api: NodeResourceModel -> ResourceModel 
When renaming NodeResourceSlice to ResourceSlice, the embedded
[Node]ResourceModel also should have been renamed.
 2024-03-14 18:07:36 +01:00
Akihiro Suda
8963e73f12 kubelet: fix mixing up runtime classes with runtime handlers 
Fix issue 123906

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:14:48 +09:00
Akihiro Suda
1dc05009fe api: NodeStatus: rename RuntimeClasses to RuntimeHandlers 
The runtime classes are apiserver's concept, while the handlers are kubelet's concept.
For NodeStatus, it makes more sense to return the latter ones here.

This commit modifies the following files:

- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go
- pkg/kubelet/nodestatus/setters.go
- pkg/kubelet/kubelet_node_status.go
- pkg/registry/core/node/strategy.go
- test/e2e_node/mount_rro_linux_test.go

Other changes were auto-generated by running `make update`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:06:39 +09:00
Akihiro Suda
4a776f66ec kubelet: silence "unknown runtime class" errors when unsupported 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 07:08:42 +09:00
Antonio Ojea
7ab1ef644e Revert "Implement a field selector for ClusterIP on Services" 2024-03-12 12:20:27 +00:00
Kevin Klues
fc2134c84c dra kubelet: fix error log 
Previously we were returning the error string from 'err' (which is nil), when
we should have been returning it from result.Error. Without this it is hard to
debug issues with NodeUnprepareResources.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-11 13:51:29 +00:00
Kubernetes Prow Robot
b3926d137c Merge pull request #123831 from klueska/fix-unprepare-resources 
Add StructuredResourceModel to UnprepareResources call
 2024-03-11 03:25:14 -07:00
Kevin Klues
13a6dcc21c dra kubelet: add StructuredResourceModel to UnprepareResources call 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-09 18:08:14 +00:00
Akihiro Suda
c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
6f12e1d8e5 kubelet: expose containerStatuses.volumeMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
dd0882a83e kubelet: expose node.status.runtimeClasses 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
76081a10c2 kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:09 +09:00
Akihiro Suda
27f24a62e3 kubelet: change map[string]RuntimeHandler to []RuntimeHandler 
The map is changed to an array so as to retain the order of the original array
propagated from the CRI runtime.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:07 +09:00
Kubernetes Prow Robot
7ea3d0245a Merge pull request #123516 from pohly/dra-structured-parameters 
DRA: structured parameters
 2024-03-07 19:24:48 -08:00
Tim Allclair
04ac13b6b7 Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated 2024-03-07 15:00:07 -08:00
Patrick Ohly
0b6a0d686a dra api: rename NodeResourceSlice -> ResourceSlice 
While currently those objects only get published by the kubelet for node-local
resources, this could change once we also support network-attached
resources. Dropping the "Node" prefix enables such a future extension.

The NodeName in ResourceSlice and StructuredResourceHandle then becomes
optional. The kubelet still needs to provide one and it must match its own node
name, otherwise it doesn't have permission to access ResourceSlice objects.
 2024-03-07 22:22:55 +01:00
Patrick Ohly
d59676a545 dra kubelet: publish NodeResourceSlices 
The information is received from the DRA driver plugin through a new gRPC
streaming interface. This is backwards compatible with old DRA driver kubelet
plugins, their gRPC server will return "not implemented" and that can be
handled by kubelet. Therefore no API break is needed.

However, DRA drivers need to be updated because the Go API changed. They can
return
    status.New(codes.Unimplemented, "no node resource support").Err()
if they don't support the new ListAndWatchResources method and
structured parameters.

The controller in kubelet then synchronizes this information from the driver
with NodeResourceSlice objects, creating, updating and deleting them as needed.
 2024-03-07 22:22:13 +01:00
Patrick Ohly
6f1ddfcd2e kubelet: support structured parameters for preparing resources 
If the resource handle has data from a structured parameter model, then we need
to pass that to the DRA driver kubelet plugin. Because Kubernetes uses
gogo/protobuf, we cannot use "optional" for that new optional field and have to
resort to "repeated" with a single repetition if present.

This is a new, backwards-compatible field.

That extending the resource.k8s.io changes the checksum of a kubelet checkpoint
is unfortunate. Updating the test cases is a stop-gap measure, the actual
solution will have to be something else before beta.
 2024-03-07 22:22:13 +01:00
Stephen Kitt
6bf667af06 Switch from golang/mock to uber-go/mock 
See https://github.com/golang/mock#gomock: golang/mock is no longer
maintained, and should be replaced by go.uber.org/mock.

This allows golang/mock to be dropped from the status and vendored
fields in unwanted-dependencies.json.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
 2024-03-07 09:12:16 +01:00
Kubernetes Prow Robot
bd25605619 Merge pull request #123435 from tallclair/apparmor-ga 
AppArmor fields API
 2024-03-06 15:35:14 -08:00
Kubernetes Prow Robot
87f9b3891e Merge pull request #123385 from HirazawaUi/allow-special-characters 
Allow almost all printable ASCII characters in environment variables
 2024-03-05 17:31:06 -08:00
Kubernetes Prow Robot
5b4d97dc5a Merge pull request #122541 from aojea/headless_selector 
Implement a field selector for ClusterIP on Services
 2024-03-05 17:30:57 -08:00
Kubernetes Prow Robot
3686ceb5b8 Merge pull request #122745 from kannon92/swap-no-swap-default 
[KEP-2400] add no swap as the default option for swap
 2024-03-05 16:32:40 -08:00
Kubernetes Prow Robot
5f4a20e65d Merge pull request #120718 from gjkim42/add-restartable-init-containers-to-pod-resources-api 
Make PodResources API include restartable init containers
 2024-03-05 13:44:54 -08:00
Kevin Hannon
6a4e19a4ec add no swap as the default option for swap 2024-03-05 16:10:42 -05:00
Tim Allclair
24537a9131 Stop appending AppArmor status to node ready condition 2024-03-05 12:22:50 -08:00
Tim Allclair
bf3c8464ba Implement Kubelet AppArmor field handling 2024-03-05 12:22:50 -08:00
Antonio Ojea
5122fe0732 don't watch headless services on kubelet 
The kubelet watches services only to generate the environment variables
inside a pod, but headless services are not needed for this.

Change-Id: I22ee2b3352f8fe71cddfafa6f09b768c0a0e26b4
 2024-03-05 17:16:48 +00:00
HirazawaUi
fa3c101439 relax validation pod envfrom 2024-03-05 17:09:15 +08:00
Kubernetes Prow Robot
dc3f5ec6cc Merge pull request #112957 from mxpv/log-dir 
Allow changing pod log directory
 2024-03-04 21:07:06 -08:00
Kubernetes Prow Robot
229ebabc0a Merge pull request #123336 from HyunSu1768/hyunsu1768/use-switch-cases 
Refactoring to encourage use of switch case
 2024-03-04 20:07:06 -08:00
Kubernetes Prow Robot
4ed7f6b4c4 Merge pull request #123583 from saschagrunert/image-id-container-status 
Add `image_id` to CRI `ContainerStatus` message
 2024-03-04 11:23:41 -08:00
Kubernetes Prow Robot
89cbd94e68 Merge pull request #123593 from giuseppe/userns-use-kubelet-user-mappings 
KEP-127: kubelet: honor kubelet user mappings
 2024-03-04 10:24:52 -08:00