github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,061 Commits 1 Branch 31 Tags 1,019 MiB
acb43c7c4a
Commit Graph

527 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
12d9183da0
Merge pull request #95718 from SergeyKanzhelev/runtimeClass2 
RuntimeClass GA
 2020-11-12 00:44:51 -08:00
Sergey Kanzhelev
06da0e5e74 GA of RuntimeClass feature gate and API 2020-11-11 19:22:32 +00:00
Andrew Sy Kim
51441fd052 kubelet: support alpha credential provider exec plugins 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-11-10 13:44:06 -05:00
Mrunal Patel
32b9ac7d0c kubelet: Use CRI SecurityProfile for Seccomp 
We set both the old and the new fields for now and will
remove the old field in the next release.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
 2020-11-05 15:43:29 -08:00
Kubernetes Prow Robot
e92f8c8457
Merge pull request #94911 from wawa0210/fix-94898 
Enhance log information of verifyRunAsNonRoot, add pod, container information
 2020-09-24 13:57:25 -07:00
Kubernetes Prow Robot
402b94f313
Merge pull request #91469 from kinvolk/rata/fix-kubelet-log-msg 
Fix kubelet log message when starting a container
 2020-09-21 22:28:46 -07:00
wawa0210
be1c85d915
Enhance the prompt information of verifyRunAsNonRoot, add pod, container information 2020-09-22 08:10:54 +08:00
Kubernetes Prow Robot
73dda0af5d
Merge pull request #92355 from wawa0210/fix-91482 
fix windows container root validate
 2020-09-14 10:42:59 -07:00
Kubernetes Prow Robot
f5a42d69c9
Merge pull request #93475 from ravisantoshgudimetla/fix-kubelet-scc 
Strip unnecessary security contexts on Windows
 2020-09-10 18:14:14 -07:00
Kubernetes Prow Robot
88512be213
Merge pull request #92817 from kmala/kubelet 
Check for sandboxes before deleting the pod from apiserver
 2020-09-10 07:27:45 -07:00
knight42
c6f9b402fb
test(kuberuntime): deflake TestRecordOperation 
Avoid using hard-coded port

Signed-off-by: knight42 <anonymousknight96@gmail.com>
 2020-09-05 13:36:26 +08:00
Kubernetes Prow Robot
1d1daaa044
Merge pull request #94084 from brianpursley/kubernetes-93925-logging 
Add logging when fail to kill container or pod
 2020-09-04 03:32:23 -07:00
Kubernetes Prow Robot
48d5d204c3
Merge pull request #92614 from tnqn/onfailure-recreate 
Don't create a new sandbox for pod with RestartPolicyOnFailure if all containers succeeded
 2020-09-03 14:57:40 -07:00
brianpursley
6d001ebb68 Add logging if container or pod fails to be killed 2020-08-25 20:37:49 -04:00
knight42
cfeddcf654
test(kuberuntime): deflake TestRemoveContainer 
Signed-off-by: knight42 <anonymousknight96@gmail.com>
 2020-08-24 11:14:02 +08:00
Kubernetes Prow Robot
6da73aa572
Merge pull request #93333 from loburm/fix-logrotate 
Fix an issue when rotated logs of dead containers are not removed.
 2020-08-20 03:27:23 -07:00
Rodrigo Campos
e6c67c32e1 Fix kubelet log message when starting a container 
This code can be called not only when a container is dead and restarted,
but when is started for the first time too. For example, any pod with
initContainer and containers will exhibit this behaviour. The reason is
that in that case, the "if createPodSandbox" path will return the
initContainers only and on the next call to this function this code is
executed to start the containers for the fist time.

In that case, it is wrong to log that the container is dead and will be
restarted, as it was never started. In fact, the restart count will not
be increased.

This commit just changes this to say that the container is not in the
desired state and should be started. In the end, the kubelet is a state
machine and that is all we really care about.

No tests are added, as the behaviour was correct and tests don't check
logs messages.

Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
 2020-08-04 14:58:27 -03:00
ravisantoshgudimetla
cd8686bc57 Strip unnecessary security contexts on Windows 
As of now, the kubelet is passing the security context to container runtime even
if the security context has invalid options for a particular OS. As a result,
the pod fails to come up on the node. This error is particularly pronounced on
the Windows nodes where kubelet is allowing Linux specific options like SELinux,
RunAsUser etc where as in [documentation](https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#v1-container),
we clearly state they are not supported. This PR ensures that the kubelet strips
the security contexts of the pod, if they don't make sense on the Windows OS.
 2020-08-03 23:43:31 -04:00
Jordan Liggitt
7335770670 Make toKubeContainerImageSpec deterministic 2020-07-31 14:41:11 -04:00
wawa0210
ccde63b9c1
fix windows container root validate 2020-07-24 19:59:58 +08:00
Marian Lobur
5d1b3e26af Fix an issue when rotated logs of dead containers are not removed. 2020-07-24 10:06:24 +02:00
Keerthan Reddy,Mala
872859b422 correct the sandboxId attribute in unit tests 2020-07-22 11:54:58 -07:00
Keerthan Reddy,Mala
851d778531 address review comments 2020-07-22 11:54:58 -07:00
Keerthan Reddy,Mala
90cc954eed add sandbox deletor to delete sandboxes on pod delete event 2020-07-22 11:54:58 -07:00
Paulo Gomes
b451563560
Add seccomp least privilege for kuberuntime 2020-07-08 22:03:29 +01:00
Quan Tian
b2b082f54f Don't create a new sandbox for pod with RestartPolicyOnFailure if all containers succeeded 
The kubelet would attempt to create a new sandbox for a pod whose
RestartPolicy is OnFailure even after all container succeeded. It caused
unnecessary CRI and CNI calls, confusing logs and conflicts between the
routine that creates the new sandbox and the routine that kills the Pod.

This patch checks the containers to start and stops creating sandbox if
no container is supposed to start.
 2020-07-07 22:49:48 +08:00
Paulo Gomes
8976e3620f
Add seccomp enforcement and validation based on new GA fields 
Adds seccomp validation.

This ensures that field and annotation values must match when present.

Co-authored-by: Sascha Grunert <sgrunert@suse.com>
 2020-07-06 09:13:25 +01:00
Kubernetes Prow Robot
9a3276548b
Merge pull request #91956 from kinvolk/rata/fix-kubelet-log-on-kill 
kubelet: Fix log typo when killing a container
 2020-06-24 13:30:38 -07:00
Kubernetes Prow Robot
14d9b5d758
Merge pull request #92325 from brianpursley/sync-pod-log 
Add pod and container name in log message when container fails to start
 2020-06-24 04:55:18 -07:00
Brian Pursley
2afc8e0eab Add pod and container name in log message when container fails to start 2020-06-23 12:59:53 -04:00
Rodrigo Campos
82856541fb kubelet: Fix log typo when killing a container 
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
 2020-06-20 20:15:27 -03:00
Kubernetes Prow Robot
3b466d1c48
Merge pull request #91971 from SergeyKanzhelev/renamesInContainer 
fix linter issues for pkg/kubelet/container
 2020-06-19 21:51:32 -07:00
Sergey Kanzhelev
ee53488f19 fix golint issues in pkg/kubelet/container 2020-06-19 15:48:08 +00:00
Javier Diaz-Montes
3538936587 Adding Bazel deps 2020-06-15 08:58:02 -04:00
Javier Diaz-Montes
9743cda4a7 Adding Kubelet changes to enable SetHostnameAsFQDN feature 
These changes allow to set FQDN as hostname of pods for pods
that set the new PodSpec field setHostnameAsFQDN to true. The PodSpec
new field was added in related PR.

This is PART2 (last) of the changes to enable KEP #1797 and addresses #91036
 2020-06-14 21:26:27 -04:00
Kubernetes Prow Robot
99c50dfd3c
Merge pull request #85225 from DataDog/eric.mountain/cleanup_refmanager_master 
Removes container RefManager
 2020-05-28 16:37:15 -07:00
Kubernetes Prow Robot
b98d9407cf
Merge pull request #91207 from iamchuckss/fixed-width-log-timestamps 
Fix log timestamps to maintain a fixed width
 2020-05-21 18:20:37 -07:00
Davanum Srinivas
0608e8be25
update bazel BUILD files 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:47 -04:00
Davanum Srinivas
5692926914
Move packages for slightly better UX for consumers 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-20 10:57:46 -04:00
iamchuckss
b5a02c4190 Fix log timestamps to be displayed in fixed width 2020-05-19 13:07:56 +08:00
Kubernetes Prow Robot
f4112710f5
Merge pull request #90061 from marosset/runtimehandler-image-spec-annotations 
Add annotations to CRI ImageSpec objects
 2020-05-18 16:29:36 -07:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Kubernetes Prow Robot
96e13de777
Merge pull request #88980 from tedyu/evict-delay-sorting 
Delay sorting of evictUnits slice in kuberuntime_gc
 2020-05-14 21:24:58 -07:00
Kubernetes Prow Robot
f7907083c2
Merge pull request #89160 from tedyu/symlink-first-seen 
Remove potentially unhealthy symlink only for dead containers
 2020-04-28 09:58:07 -07:00
Ted Yu
18e9f33fc6 Remove unhealthy symlink only for dead containers 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
 2020-04-21 12:30:51 -07:00
marosset
90367729a3 Adding/updating kubelet/kuberuntime tests 2020-04-20 22:25:05 +00:00
marosset
03479e4d12 kubelet - adding pod annotations to various image calls to get runtime-handler info to CRI 2020-04-17 23:57:09 +00:00
ZP-AlwaysWin
5796b7a32e Repair description 2020-04-17 09:36:38 +08:00
Kubernetes Prow Robot
7061dddf26
Merge pull request #88521 from mattjmcnaughton/mattjmcnaughton/add-error-testing-image-service 
Add error path testing to image handling by `kubeGenericRuntimeManager`
 2020-04-07 22:45:43 -07:00