github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,541 Commits 1 Branch 31 Tags
b421bde1de40530b51b4b88c736bb007ed9afb17
Commit Graph

49698 Commits

Author SHA1 Message Date
kerthcet
5b072a59a2 Fix flaky test on multi profiles waiting pod 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2024-03-05 14:54:33 +08:00
Kubernetes Prow Robot
dc3f5ec6cc Merge pull request #112957 from mxpv/log-dir 
Allow changing pod log directory
 2024-03-04 21:07:06 -08:00
Kubernetes Prow Robot
26600b17ab Merge pull request #123561 from enj/enj/i/validate_jwt_sa_iss 
Prevent conflicts between service account and jwt issuers
 2024-03-04 20:07:24 -08:00
Kubernetes Prow Robot
a76a3e031f Merge pull request #123487 from gauravkghildiyal/kep-4444 
Introduce trafficDistribution field for Kubernetes Services
 2024-03-04 20:07:15 -08:00
Kubernetes Prow Robot
229ebabc0a Merge pull request #123336 from HyunSu1768/hyunsu1768/use-switch-cases 
Refactoring to encourage use of switch case
 2024-03-04 20:07:06 -08:00
Kubernetes Prow Robot
699984f25a Merge pull request #123641 from liggitt/authz-config-beta-gate 
Promote StructuredAuthorizationConfiguration feature gate to beta
 2024-03-04 18:38:23 -08:00
Kubernetes Prow Robot
5b6d8a4293 Merge pull request #123532 from serathius/separate-rpc 
Move cacher watch to separate rpc preventing starvation
 2024-03-04 18:38:14 -08:00
Kubernetes Prow Robot
439f7df65b Merge pull request #122320 from armstrongli/master 
allow service NodePort to be updated to 0 in case AllocateLoadBalance…
 2024-03-04 18:38:05 -08:00
Kubernetes Prow Robot
6929a11f69 Merge pull request #123481 from sanposhiho/mindomain-stable 
graduate MinDomainsInPodTopologySpread to stable
 2024-03-04 17:18:53 -08:00
Kubernetes Prow Robot
f745503112 Merge pull request #123413 from seans3/tunneling-spdy-websockets 
PortForward: Tunnel SPDY through WebSockets
 2024-03-04 17:18:44 -08:00
Kubernetes Prow Robot
e4ee7b005c Merge pull request #123323 from gjkim42/add-ValidateInitContainerStateTransition 
Validate restartable init container state transition
 2024-03-04 16:21:30 -08:00
Kubernetes Prow Robot
1c789a9d46 Merge pull request #122422 from neolit123/1.30-update-hostaliases-note 
core/v1: remove note about hostAliases not working with hostNetwork
 2024-03-04 16:21:21 -08:00
Gaurav Ghildiyal
ec6fd2befa Add options construct to EndpointSlice NewReconciler for the new trafficDistributionEnabled field 2024-03-04 15:40:22 -08:00
Kubernetes Prow Robot
46a2137c1b Merge pull request #123639 from liggitt/authz-metrics 
Add authorization webhook duration/count/failopen metrics
 2024-03-04 14:09:30 -08:00
Kubernetes Prow Robot
6c8dc1d1ed Merge pull request #123609 from veshij/fix 
[kubernetes/scheduler] use lockless diagnosis collection in findNodes…
 2024-03-04 11:23:50 -08:00
Kubernetes Prow Robot
4ed7f6b4c4 Merge pull request #123583 from saschagrunert/image-id-container-status 
Add `image_id` to CRI `ContainerStatus` message
 2024-03-04 11:23:41 -08:00
Sean Sullivan
8b447d8c97 portforward: tunnel spdy through websockets 2024-03-04 11:10:30 -08:00
Jordan Liggitt
79b344d85e Add authorization webhook duration/count/failopen metrics 2024-03-04 14:01:15 -05:00
Kubernetes Prow Robot
89cbd94e68 Merge pull request #123593 from giuseppe/userns-use-kubelet-user-mappings 
KEP-127: kubelet: honor kubelet user mappings
 2024-03-04 10:24:52 -08:00
Kubernetes Prow Robot
d34fbeb0a3 Merge pull request #123446 from linxiulei/hit_cache 
Hit APIServer cache when testing healthiness
 2024-03-04 10:24:45 -08:00
Monis Khan
05e1eff793 Prevent conflicts between service account and jwt issuers 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-04 11:40:02 -05:00
Jan Safranek
c4163a9cb8 Add label with access mode to SELinux metrics 
In the KEP 1710 we promised to have all SELinux metrics with access mode
label, so cluster admin is able to distinguish when RWOP volumes are
failing to mount (-> SELinuxMountReadWriteOncePod feature gate must be
disabled) or volumes with any other access modes are failing (->
SELinuxMount feature gate must be disabled).

Adding the label to kubelet is quite straightforward, there were some
changes needed in the e2e test. Now grabMetrics() collects values of all
SELinux related metrics with all labels. It only skips unrelated volume
plugins. And waitForMetricIncrease gets metric with all labels on input, so
it can check that say RWOP metric increased and RWX one did not.
 2024-03-04 13:16:56 +01:00
Marek Siarkowicz
31d404b182 Prevent watch cache starvation, by moving its watch to separate RPC and add a SeparateCacheWatchRPC feature flag to disable this behavior 2024-03-04 12:51:06 +01:00
Gaurav Ghildiyal
51f86b9124 Change kube-proxy behaviour to consider hints when ServiceTrafficDistribution feature gate is enabled 2024-03-03 22:46:03 -08:00
Gaurav Ghildiyal
51a3fa2e6f Start reconciling on the new field 2024-03-03 22:46:03 -08:00
Gaurav Ghildiyal
646fd200b8 Run 'make update' 2024-03-03 22:46:00 -08:00
Gaurav Ghildiyal
996d11d4e8 Add new field trafficDistribution to Service spec 2024-03-03 22:34:17 -08:00
Kubernetes Prow Robot
e4a14fe0f5 Merge pull request #123575 from Huang-Wei/pod-scheduling-readiness-stable 
Graduate PodSchedulingReadiness to stable
 2024-03-03 22:29:38 -08:00
Kubernetes Prow Robot
1fceb815ac Merge pull request #123437 from tenzen-y/fix-job-validatioin-test-name 
Job: Fix test case names for the validations
 2024-03-02 13:33:18 -08:00
Kubernetes Prow Robot
4164e7c3a7 Merge pull request #123629 from thockin/master 
Get rid of unused API type NodeResources
 2024-03-02 12:33:18 -08:00
Rodrigo Campos
6174f199df kublet/userns: Add test switching feature gate off/on 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
4bb508dd30 kubelet/userns: Add unit test 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
0b69c2bc81 kubelet/userns: Use kubelet maxPods 
We don't have the alpha limitation anymore, let's just use the kubelet
maxPods instead of our hardcoded 1024 max.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
39c6815676 kubelet/userns: Remove alpha maxPods limitation 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:44 +01:00
Rodrigo Campos
4180284dc9 pkg/kubelet/userns: Remove outdated test 
When we were alocating the whole UID space, the first range was reserved
to the host. Now we don't allocate the whole UID space, but just the
range configured, so the first range doesn't point to [0;65535] anymore,
so no need to test it is always set.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2024-03-02 12:15:43 +01:00
Giuseppe Scrivano
4c81e5c9dc features: promote UserNamespacesSupport to beta 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:43 +01:00
Giuseppe Scrivano
87a057d417 KEP-127: kubelet: honor kubelet user mappings 
allow to specify what IDs must be used by the kubelet to create user
namespaces.

If no additional UIDs/GIDs are not allocated to the "kubelet" user,
then the kubelet assumes it can use any ID on the system.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-03-02 12:15:39 +01:00
Jordan Liggitt
30256c8909 Promote StructuredAuthorizationConfiguration feature gate to beta 2024-03-02 02:12:36 -05:00
Kensei Nakada
b48b4ebc69 address reviews 2024-03-02 04:51:00 +00:00
Kubernetes Prow Robot
8845c4c657 Merge pull request #123135 from munnerz/4193-beta-promotion 
KEP-4193: promote ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to beta
 2024-03-01 19:48:18 -08:00
Kubernetes Prow Robot
3e1da21801 Merge pull request #123611 from ritazh/authz-mcmetrics 
Add authz webhook matchcondition metrics
 2024-03-01 18:49:17 -08:00
Kubernetes Prow Robot
673d3c9e70 Merge pull request #122693 from yanggangtony/fix_kubelet_server_journal_linux 
Fix kubelet_server_journal --until parms.
 2024-03-01 16:59:38 -08:00
Kubernetes Prow Robot
cde4788a27 Merge pull request #123215 from adrianreber/2024-02-09-forensic-container-checkpointing-beta 
Switch 'ContainerCheckpoint' from Alpha to Beta
 2024-03-01 15:59:24 -08:00
Tim Hockin
467d5d745c Get rid of unused API type NodeResources 2024-03-01 15:13:50 -08:00
Rita Zhang
e76fce7566 add authz webhook matchcondition metrics 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Jordan Liggitt <liggitt@google.com>
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2024-03-01 14:41:27 -08:00
Ivan Valdes
8854d360a5 printers: add status to jobs table 2024-03-01 11:47:35 -08:00
Jefftree
301e804c3f Promote AggregatedDiscovery to GA 2024-03-01 13:15:22 -05:00
Kubernetes Prow Robot
24267f6aa7 Merge pull request #122438 from kannon92/splitfs-tests 
[KEP - 4191]: Use Cadvisor labels rather than hard coding them into kubelet
 2024-03-01 10:04:57 -08:00
Kubernetes Prow Robot
df366107d1 Merge pull request #123529 from thockin/go-workspaces 
Go workspaces for k/k and k/staging/*
 2024-03-01 08:43:03 -08:00
carlory
b47c73ee26 keep-terminated-pod-volumes flag on kubelet is removed 2024-03-01 18:42:15 +08:00