github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
123,012 Commits 1 Branch 31 Tags
ae5543e4c8f99cb1555102a8ebc310aed3c82596
Commit Graph

11323 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
6d0aab2e38 Merge pull request #125014 from carlory/fix-120287 
Remove volumesNeedReportedInUse for reconstructed volumes
 2024-05-31 05:32:24 -07:00
Kubernetes Prow Robot
4cc989a7a9 Merge pull request #124740 from bells17/use-sets-set-string 
[pkg/volume] Changed to use sets.Set[string] instead of sets.String
 2024-05-31 05:32:15 -07:00
Sascha Grunert
0c9949b6ec Move pkg/kubelet/kuberuntime/logs to k8s.io/cri-client staging 
Particulary helpful to decouple cri-tools from k/k.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-30 15:13:22 +02:00
Shingo Omura
552fd7e850 KEP-3619: Fine-grained SupplementalGroups control (#117842) 
* Add `Linux{Sandbox,Container}SecurityContext.SupplementalGroupsPolicy` and `ContainerStatus.user` in cri-api

* Add `PodSecurityContext.SupplementalGroupsPolicy`, `ContainerStatus.User` and its featuregate

* Implement DropDisabledPodFields for PodSecurityContext.SupplementalGroupsPolicy and ContainerStatus.User fields

* Implement kubelet so to wire between SecurityContext.SupplementalGroupsPolicy/ContainerStatus.User and cri-api in kubelet

* Clarify `SupplementalGroupsPolicy` is an OS depdendent field.

* Make `ContainerStatus.User` is initially attached user identity to the first process in the ContainerStatus

It is because, the process identity can be dynamic if the initially attached identity
has enough privilege calling setuid/setgid/setgroups syscalls in Linux.

* Rewording suggestion applied

* Add TODO comment for updating SupplementalGroupsPolicy default value in v1.34

* Added validations for SupplementalGroupsPolicy and ContainerUser

* No need featuregate check in validation when adding new field with no default value

* fix typo: identitiy -> identity
 2024-05-29 15:40:29 -07:00
Kubernetes Prow Robot
fad52aedfc Merge pull request #125086 from oxxenix/exponential-backoff 
add exponential backoff in NodeResourceSlices controller
 2024-05-28 02:46:43 -07:00
Oksana Baranova
c4ec24890e nodeResourceSlicesController: add exponential backoff 2024-05-27 23:12:53 +03:00
Kubernetes Prow Robot
b42bb8fa58 Merge pull request #124060 from iholder101/swap/tmpfs-noswap 
[KEP-2400] Mount tmpfs memory-backed volumes with a noswap option if supported
 2024-05-23 07:02:03 -07:00
Kubernetes Prow Robot
dad8fe71f2 Merge pull request #124220 from HirazawaUi/fix-pod-restarted 
[kubelet]: fixed container restart due to pod spec field changes
 2024-05-22 15:43:36 -07:00
HirazawaUi
3ec13c5e37 remove HashWithoutResources field 2024-05-22 10:01:31 +08:00
HirazawaUi
f6b650430a fixed container restart due to field changes 2024-05-22 09:55:46 +08:00
carlory
2491560ae5 Remove volumesNeedReportedInUse for reconstructed volumes 2024-05-21 18:23:12 +08:00
Itamar Holder
a6b971f14b Use kubelet owned directories for mounting rather than /tmp 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
74f29880bd Replace log entry by a warning event 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
29535c0463 Warn of swap is enabled on the OS and tmpfs noswap is not supported 
When --fail-swap-on=false kubelet CLI argument
is provided, but tmpfs noswap is not supported
by the kernel, warn about the risks of memory-backed
volumes being swapped into disk

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
e7df4d17c4 Add a isSwapOnAccordingToProcSwaps() function and swap utils unit tests 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
2a174d09fa If the kernel version is at least 6.4, assume tmpfs noswap is supported 
Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Itamar Holder
fb6c78c90b Use tmpfs noswap if supported 
use the tmpfs noswap option in order
to mount memory-backed volumes if it's supported.

Signed-off-by: Itamar Holder <iholder@redhat.com>
 2024-05-21 13:18:16 +03:00
Kubernetes Prow Robot
06b813fd29 Merge pull request #124634 from saschagrunert/cri-staging-code 
Move `pkg/kubelet/cri/remote` to `cri-client`
 2024-05-16 07:33:06 -07:00
Kubernetes Prow Robot
a7ece470e5 Merge pull request #124063 from olyazavr/immediate-eviction-grace-period-fix 
fix grace period used for immediate evictions
 2024-05-15 16:14:12 -07:00
Sascha Grunert
2aa9e76be1 Move pkg/kubelet/cri/remote to cri-client 
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-14 10:58:18 +02:00
Kubernetes Prow Robot
8352c09592 Merge pull request #124323 from bart0sh/PR142-dra-fix-cache-integrity 
kubelet: DRA: fix cache integrity
 2024-05-13 09:54:02 -07:00
Kubernetes Prow Robot
63e85caac5 Merge pull request #124741 from saschagrunert/remote-runtime-logging 
Make remote runtime and image service logging independent
 2024-05-13 08:52:32 -07:00
Kubernetes Prow Robot
c12f6941a0 Merge pull request #124739 from saschagrunert/timeout-error 
Remove CRI `TimeoutError` type
 2024-05-13 08:52:23 -07:00
Davanum Srinivas
fd06dcd604 Switch hard error to a WARNING for kernel version check 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-12 20:23:48 -04:00
bells17
8cf18d1b5c [pkg/volume] Changed to use sets.Set[string] instead of sets.String 2024-05-11 18:02:45 +09:00
Kubernetes Prow Robot
1af6bc992c Merge pull request #123845 from HirazawaUi/promote-DisableNodeKubeProxyVersion-to-beta 
promote DisableNodeKubeProxyVersion feature gate to beta
 2024-05-08 12:23:19 -07:00
Sascha Grunert
9c712466f6 Make remote runtime and image service logging independent 
It's now possible to pass around the `*klog.Logger` which can also be
`nil` to disable logging at all.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-08 10:32:21 +02:00
Sascha Grunert
36b7d55355 Remove CRI TimeoutError type 
The type is a lefover of dockershim and can be replaced by golang native
error wrapping.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-05-08 09:26:19 +02:00
Davanum Srinivas
8597b343fa Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-07 16:01:42 -04:00
Kubernetes Prow Robot
1dc30bf90f Merge pull request #124600 from alvaroaleman/typed-wq 
Use the generic/typed workqueue throughout
 2024-05-06 16:18:31 -07:00
Kubernetes Prow Robot
4d17d30029 Merge pull request #124519 from dims/drop-all-the-providery-things-take-2 
Remove gcp in-tree cloud provider and credential providers
 2024-05-06 08:03:14 -07:00
Alvaro Aleman
6d0ac8c561 Use the generic/typed workqueue throughout 
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
 2024-05-04 14:33:12 -04:00
Ed Bartosh
f24134d7b2 kubelet: DRA: add unit test for ClaimInfo and claimInfoCache 2024-05-03 13:30:31 +00:00
Ed Bartosh
6ce294558a kubelet: DRA: add stress test 
The tests calls PrepareResources and UnprepareResources API in
parallel to help discover race conditions.
 2024-05-03 13:30:29 +00:00
Kevin Klues
86a18d5333 kubelet: DRA: update manager test to adhere to new claiminfo cache APIs 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:28:37 +00:00
Kevin Klues
805e7c3434 kubelet: DRA: remove check to set pluginName to DriverName if not in ResourceHandle 
It has always been validated that a ResourceHandle MUST have DriverName set, so
this check is unnecessary.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
f80be2728e kubelet: DRA: change key of claimInfo cache to "namespace/claimname" 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
639e887631 kubelet: DRA: add a reconcile loop to unprepare claims for deleted pods 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:29 +00:00
Kevin Klues
a8931c6c25 kubelet: DRA: update locking/checkpoint semantics of the claimInfo cache 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-05-03 13:23:27 +00:00
Kubernetes Prow Robot
29a4812f03 Merge pull request #124080 from claudiubelu/skip-windows-tests 
Skip failing Windows tests
 2024-05-01 07:48:12 -07:00
Kubernetes Prow Robot
7143856f17 Merge pull request #123756 from saschagrunert/cri-approvers 
Sync `cri-api` approvers with kubelet `cri` package
 2024-05-01 07:48:03 -07:00
Davanum Srinivas
bf268f02a3 Remove gcp in-tree cloud provider and credential provider 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-05-01 09:03:53 -04:00
Kubernetes Prow Robot
1fd835ce59 Merge pull request #123398 from ffromani/remove-legacy-checkpoint 
node: devicemgr: remove obsolete pre-1.20 checkpoint file support
 2024-04-29 14:46:53 -07:00
Kubernetes Prow Robot
3192f7489d Merge pull request #123796 from saschagrunert/kube-features-remote-runtime 
Decouple `kubelet/cri/remote` package from `pkg/features`
 2024-04-29 05:15:41 -07:00
Kubernetes Prow Robot
da890f071b Merge pull request #123463 from k82cn/cri_grpc_rs 
grpc: set localhost Authority to unix client calls
 2024-04-29 05:15:32 -07:00
Sascha Grunert
7b14e0e382 Decouple kubelet/cri/remote package from pkg/features 
Importing the `k8s.io/kubernetes/pkg/features` package in the remote
runtime implementation makes it harder to separate the functionalities
at some later point in time.

We now decouple them by checking if the feature is enabled directly in
the kubelet service creation path.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-04-29 08:37:02 +02:00
Kubernetes Prow Robot
38c2a963b4 Merge pull request #123984 from carlory/volume-remove-cloud-provider 
Remove cloud provider dependency from volume host and volume controllers
 2024-04-28 02:54:14 -07:00
Kubernetes Prow Robot
3d49956fde Merge pull request #123795 from saschagrunert/metrics-remote-runtime 
Decouple `kubelet/cri/remote` package from `kubelet/metrics`
 2024-04-26 18:31:48 -07:00
Kubernetes Prow Robot
bf454d7c59 Merge pull request #124516 from danwinship/cloud-hostname-override 
Fix behavior with external cloud provider and --hostname-override
 2024-04-25 14:47:24 -07:00
Claudiu Belu
2be8baeaef unittests: Skip failing Windows tests 
Some of the unit tests are currently failing on Windows.

Skip them for now, and remove the skips later, once the underlying issues
have been resolved.
 2024-04-25 14:24:16 +00:00