github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,541 Commits 1 Branch 31 Tags
b421bde1de40530b51b4b88c736bb007ed9afb17
Commit Graph

49698 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
5d776f935c Merge pull request #123345 from haircommander/image-gc-metric-reason 
KEP-4210: kubelet: add reason field to image gc metric
 2024-02-19 18:56:59 -08:00
Peter Hunt
ba8fcb5ef6 kubelet: don't disable gc if max age is specified 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-02-19 14:44:20 -05:00
Peter Hunt
a8ea936364 image gc: don't start until max age has passed since kubelet started 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-02-19 14:44:20 -05:00
Adrian Reber
da8ffcd1dc Switch 'ContainerCheckpoint' from Alpha to Beta 
* Forensic Container Checkpointing as described in KEP 2008 moves from
   Alpha to Beta. This is corresponding code change.

 * Adapt e2e test to handle
   '(rpc error: code = Unimplemented desc = unknown method CheckpointContainer'
   and
   '(rpc error: code = Unimplemented desc = method CheckpointContainer not implemented)'
   and
   '(rpc error: code = Unknown desc = checkpoint/restore support not available)'
   One error message is if the CRI implementation does
   not implement the CRI RPC (too old) and the second is
   if the CRI implementation does explicitly not support the feature.
   The third error message can be seen if the container engine
   explicitly disabled the checkpoint/restore support,

 * As described in the corresponding KEP 2008 explicitly test for
   disabled functionality.

 * Extended test to look for the checkpoint kubelet metric.

 * Extended test to look for the CRI error metric.

 *  Add separate sub-resource permission to control permissions on
    the checkpoint kubelet API endpoint

Signed-off-by: Adrian Reber <areber@redhat.com>
 2024-02-19 18:09:38 +00:00
Rodrigo Campos
5a8579a3e4 kubelet/userns: Remove tests that fail as root 
For some reason the CI didn't fail when we open the PR. But when you run
"go test" as root, with all the capabilities, tests that exercise
permission errors will never work. As the capabilities makes them always
bypass the permission checks.

For some reason it seems that:
 * Not all our CI was run when the PR was open
 * The CI was changed to run as root now
 * _Some_ CI was added and it runs as root

If it wasn't one of that, or a combination, I don't see how this could
have happened. If any of that indeed happened, it can break more tests
outside the userns package too.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-02-19 14:52:33 -03:00
Kubernetes Prow Robot
3516bc6f49 Merge pull request #122456 from AxeZhan/beta3960 
[KEP 3960]: graduate PodLifecycleSleepAction to beta
 2024-02-19 07:44:50 -08:00
Michal Wozniak
fe8e896df8 Improve the doc comment for the Job status.active field 2024-02-19 14:27:30 +01:00
kerthcet
3c9c141d98 exchange the order of comparators 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2024-02-19 20:46:36 +08:00
kerthcet
7b108d8ee1 Add testcase covering unknown plugin config 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2024-02-19 20:45:48 +08:00
AxeZhan
c74ec3df09 graduate PodLifecycleSleepAction to beta 2024-02-19 19:40:52 +08:00
kerthcet
65faa9c680 Consider initContainer images in pod scheduling 
Co-authored-by:     xiaomudk <xiaomudk@gmail.com>
Co-authored-by:     kerthcet <kerthcet@gmail.com>
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2024-02-19 14:17:57 +08:00
kerthcet
b3ba6bda2b Add missed clusterEvents to UnrollWildCardResource 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2024-02-19 11:55:50 +08:00
Paco Xu
0f49a1e36e fix panic in CRI stats of windows 2024-02-18 15:03:11 +08:00
Kubernetes Prow Robot
6ff6b51904 Merge pull request #123333 from liggitt/authz-metrics 
Add allowed/denied metrics for authorizers
 2024-02-17 18:28:55 -08:00
Kubernetes Prow Robot
99a15e0480 Merge pull request #122877 from kinvolk/rata/userns 
kubelet/userns: Wrap error message
 2024-02-16 19:03:30 -08:00
Maksym Pavlenko
ae0a813be1 Fix tests after rebase 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-16 16:02:10 -08:00
Peter Hunt
c8b4d8ebed kubelet: add reason field to image gc metric 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
 2024-02-16 16:02:41 -05:00
Maksym Pavlenko
5fcbc9d2fc Fix permission denied error 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-16 09:57:18 -08:00
Maksym Pavlenko
ff4f2907c5 Use non-default directory for pod logs and limit path to ASCII characters 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-16 09:57:17 -08:00
Maksym Pavlenko
19d9405a1c Update comments and error messages 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-16 09:56:01 -08:00
Maksym Pavlenko
d9e2487d0c Add PodLogsPath to kubelet config 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-16 09:55:59 -08:00
Jordan Liggitt
d5d3eddb95 Add allowed/denied metrics for authorizers 2024-02-16 08:20:59 -05:00
Kubernetes Prow Robot
6c04679617 Merge pull request #120902 from linxiulei/watch_stack 
Add handler to run execution in separate goroutine
 2024-02-16 03:21:33 -08:00
HyunSu1768
59bf8b02e6 Refactoring to encourage use of switch case 2024-02-16 19:50:13 +09:00
Eric Lin
7b2698a5e5 Add handler to run watch serving in separate goroutine 
This handler allows running execution prior to actual serving in a separate
goroutine when serving requests. Doing so benefits cases in serving long running
requests because it allows freeing memory used by the separate goroutine
and keeps the serving routines slim.

Signed-off-by: Eric Lin <exlin@google.com>
 2024-02-16 10:22:16 +00:00
Kubernetes Prow Robot
91ee30074b Merge pull request #123174 from danwinship/cidr-validation-cleanup 
Make CIDR validation consistent
 2024-02-15 18:37:20 -08:00
Kubernetes Prow Robot
66d038d84d Merge pull request #121946 from liggitt/reload-authz 
KEP-3221: Implement authorization configuration file reloading
 2024-02-15 18:37:13 -08:00
Kubernetes Prow Robot
ad6477e342 Merge pull request #123322 from bjhaid/bjhaid-topology-verbosity 
[kube-proxy] add log verbosity to endpoint topology hint loop.
 2024-02-15 12:50:54 -08:00
Ayodele Abejide
71479b5577 [kube-proxy] add log verbosity to endpoint topology hint loop. 
We enabled topology hint on one of our services and this log line was
emitted ~92 million times in one day from one cluster tripping our log
quota for that cluster, as it is the log line cannot be disabled via the
`-v` flag because it does not specify verbosity.

I think more log locations need to set verbosity at which they are
logged, but this one is currently hurting the most.
 2024-02-15 18:26:19 +00:00
Kubernetes Prow Robot
47f92ce231 Merge pull request #123242 from mimowo/fast-backoff-for-replacment-policy-tests 
Improve accuracy of the PodsCreationTotal metric and use fast pod failure backoff for ReplacementPolicy integration tests
 2024-02-15 09:54:53 -08:00
Michal Wozniak
f84d643c20 Use the Defer for pod replacement policy 2024-02-15 17:37:31 +01:00
Kubernetes Prow Robot
b65508b477 Merge pull request #123158 from AkihiroSuda/nodeconditiontype-godoc 
core/v1: remove comment about non-existing constants
 2024-02-15 08:16:20 -08:00
Michal Wozniak
115dc90633 Increase accuracy of the pods_creation_total metric and improve test exec time 2024-02-15 10:59:01 +01:00
Kubernetes Prow Robot
58c77d7b63 Merge pull request #122887 from jpbetz/retry-generate-name-create 
Implement KEP-4420: Retry Generate Name
 2024-02-14 21:07:24 -08:00
Kubernetes Prow Robot
72c3c7c924 Merge pull request #123282 from enj/enj/i/authn_config_algs 
Support all key algs with structured authn config
 2024-02-14 18:08:32 -08:00
Kubernetes Prow Robot
68bbbd0359 Merge pull request #123300 from antoninbas/nodeipam-controller-remove-unused-field 
Remove unused lookupIP field in NodeIPAM Controller struct
 2024-02-14 17:00:13 -08:00
Kubernetes Prow Robot
8e11104f0b Merge pull request #121461 from alexzielenski/apiserver/apiextensions/ratcheting-beta 
KEP-4008: CRDValidationRatcheting Bump Feature Gate To Beta
 2024-02-14 15:56:47 -08:00
Kubernetes Prow Robot
5b2c919583 Merge pull request #114301 from harshanarayana/kubelet/log-rotate-improvements 
kubelet: enable configurable rotation duration and parallel rotate
 2024-02-14 15:56:38 -08:00
Jordan Liggitt
5dc92ada06 Implement authz config file reloading 2024-02-14 18:09:15 -05:00
Jordan Liggitt
3a98e60a71 Move authz construction to reloader 2024-02-14 18:03:21 -05:00
Kubernetes Prow Robot
684a9975fe Merge pull request #122919 from alexzielenski/apiserver/policy/mutating-initial 
Refactor AdmissionPolicy for code sharing with mutating
 2024-02-14 14:52:26 -08:00
Jordan Liggitt
2b00035b5f Split construction of authorizer / ruleResolver 2024-02-14 17:06:18 -05:00
Jordan Liggitt
1fddc948ed Split node/rbac/abac construction 2024-02-14 17:03:10 -05:00
Jordan Liggitt
49124293c3 Store constructed node/rbac/abac authorizers 2024-02-14 17:03:07 -05:00
Antonin Bas
75a3069294 Remove unused lookupIP field in NodeIPAM Controller struct 
I am not sure why this was originally required, but it doesn't seem to
have been used for years.

Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
 2024-02-14 13:28:35 -08:00
Jordan Liggitt
5f4cb8b09a Move kube-apiserver authz validation functions 2024-02-14 10:00:11 -05:00
Monis Khan
b5e0068325 Support all key algs with structured authn config 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-02-14 09:40:25 -05:00
AxeZhan
630ff96f9d Revert "Scheduler first fit" 2024-02-14 20:43:59 +08:00
Kubernetes Prow Robot
14f8f5519d Merge pull request #121719 from ruiwen-zhao/metric-size 
Add image pull duration metric with bucketed image size
 2024-02-13 16:23:50 -08:00
reinka
2fa02552eb remove comment 2024-02-13 20:12:31 +01:00