杨朱 · Kiki
bc3c07091b
Fix a bug where the target pod doesn't become schedulable within 5 minutes when a deleted pod uses the same PVC with the ReadWriteOncePod access mode. (#126263)
...
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
2024-07-22 01:20:34 -07:00
Kubernetes Prow Robot
10496b35a8
Merge pull request #126015 from micahhausler/kubelet-cert-validation
...
Enhance node admission to validate kubelet CSR's CN
2024-07-20 21:27:42 -07:00
Kubernetes Prow Robot
558c9536a1
Merge pull request #123678 from kinvolk/userns-use-kubelet-user-mappings
...
kubelet: Add logs for userns custom mappings parsing
2024-07-20 19:59:57 -07:00
Micah Hausler
b251efe0ad
Enhance node admission to validate kubelet CSR's CN
...
Signed-off-by: Micah Hausler <mhausler@amazon.com>
2024-07-20 19:06:00 -05:00
Kubernetes Prow Robot
8527092e02
Merge pull request #119024 from wafuwafu13/deprecated-node-label
...
chore(node/util): add more labels to `deprecatedNodeLabels`
2024-07-20 11:31:40 -07:00
Kubernetes Prow Robot
892acaa6a7
Merge pull request #126107 from enj/enj/i/svm_not_found_err
...
svm: set UID and RV on SSA patch to cause conflict on logical create
2024-07-20 08:18:01 -07:00
Kubernetes Prow Robot
8f265b6305
Merge pull request #126136 from cici37/removeFG
...
Remove feature gate CustomResourceValidationExpressions
2024-07-20 00:08:52 -07:00
Kubernetes Prow Robot
a8d354bf39
Merge pull request #126122 from HirazawaUi/remove-unused-options
...
kubelet: Remove unused run container options
2024-07-19 18:05:16 -07:00
Kubernetes Prow Robot
14b34fc255
Merge pull request #125834 from tallclair/log-cleanup
...
[kubelet] Cleanup incorrect log about static pod status change
2024-07-19 16:58:54 -07:00
Kubernetes Prow Robot
64ba17c605
Merge pull request #125571 from liggitt/filter-auth-02-sar
...
add field and label selectors to authorization
2024-07-19 15:30:01 -07:00
Kubernetes Prow Robot
ec8015daac
Merge pull request #124273 from panoswoo/fix/124255
...
Remove missing extended resources from init containers
2024-07-19 15:29:53 -07:00
Jordan Liggitt
4d535db8be
Add selector authorization to the Node authorizer
2024-07-19 15:06:51 -04:00
Jordan Liggitt
03d48b7683
Move CEL env initialization out of package init()
...
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
2024-07-19 15:06:48 -04:00
David Eads
92e3445e9d
add field and label selectors to authorization attributes
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-07-19 15:06:47 -04:00
Kubernetes Prow Robot
b3e769b72e
Merge pull request #126228 from googs1025/fix_informer
...
chore(Job): make trivial improvements to job controller unit test
2024-07-19 12:03:24 -07:00
Kubernetes Prow Robot
6f3f115378
Merge pull request #126222 from macsko/dont_lock_activeq_twice_in_activate_in_scheduling_queue
...
Don't lock activeQ twice when activating pod in scheduling queue
2024-07-19 12:03:10 -07:00
David Eads
f5e5bef2e0
generate
2024-07-19 14:35:37 -04:00
David Eads
90f0b88b6a
add subjectaccessreview field and label selectors
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
2024-07-19 14:34:49 -04:00
Kubernetes Prow Robot
ce961fdc84
Merge pull request #125165 from carlory/clean-volume-util
...
remove unused functions in volume/util
2024-07-19 10:34:45 -07:00
googs1025
6626b9ce28
chore(Job): remove deprecated fake.NewSimpleClientset method
2024-07-19 23:46:29 +08:00
googs1025
75a4cfbd58
chore(Job): use ctx.Done() instead of stopCh
2024-07-19 23:43:36 +08:00
googs1025
af5b8bed70
chore(Job): use WaitForCacheSync method after sharedInformerFactory Start
2024-07-19 23:41:20 +08:00
bells17
e1aa8197ed
volumebinding: scheduler queueing hints - CSIStorageCapacity (#124961)
...
* volumebinding: scheduler queueing hints - CSIStorageCapacity
* Fixed points mentioned in the review
* Fixed points mentioned in the review
* Update pkg/scheduler/framework/plugins/volumebinding/volume_binding.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
* Update pkg/scheduler/framework/plugins/volumebinding/volume_binding_test.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
* Fixed points mentioned in the review
* Update volume_binding.go
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
---------
Co-authored-by: Kensei Nakada <handbomusic@gmail.com>
2024-07-19 07:53:52 -07:00
Kubernetes Prow Robot
01eb9f4754
Merge pull request #125929 from sanposhiho/requeueing-metrics
...
add: implement event_handling_duration_seconds metric
2024-07-19 04:43:00 -07:00
Maciej Skoczeń
7421ded6f9
Don't lock activeQ twice when activating pod in scheduling queue
2024-07-19 09:18:42 +00:00
Kubernetes Prow Robot
77e12aeca9
Merge pull request #126207 from thockin/ingress-backend-port-atomic
...
Make ServiceBackendPort an atomic struct
2024-07-18 19:24:26 -07:00
Kubernetes Prow Robot
7f2c167b9c
Merge pull request #126203 from danwinship/kube-proxy-bad-ips
...
validate that kube-proxy handles "bad" IPs/CIDRs correctly
2024-07-18 19:24:18 -07:00
Kubernetes Prow Robot
25935965c5
Merge pull request #125782 from aborrero/master
...
procMount: fix default value documentation
2024-07-18 19:24:11 -07:00
Kubernetes Prow Robot
27fa59a8af
Merge pull request #125656 from gyuho/recent-stats-check-error-for-error-level-logging
...
feat(kubelet/stats): match cadvisor error to lower not found stats log level
2024-07-18 19:24:01 -07:00
Kubernetes Prow Robot
f2428d66cc
Merge pull request #125163 from pohly/dra-kubelet-api-version-independent-no-rest-proxy
...
DRA: make kubelet independent of the resource.k8s.io API version
2024-07-18 17:47:48 -07:00
Kubernetes Prow Robot
5fc7032a0e
Merge pull request #126156 from pohly/kubelet-test-enhancements
...
kubelet test enhancements
2024-07-18 14:50:54 -07:00
Kubernetes Prow Robot
fa7fcde5a4
Merge pull request #125813 from aojea/node_csr_ips
...
Node Request Certificates require to have IPs
2024-07-18 14:50:48 -07:00
Patrick Ohly
7701a48bd6
dra kubelet: bump gRPC API to v1alpha4
...
The previous changes are an API break, therefore we need a new version.
2024-07-18 23:30:09 +02:00
Monis Khan
6a6771b514
svm: set UID and RV on SSA patch to cause conflict on logical create
...
When a resource gets deleted during migration, the SVM SSA patch
calls are interpreted as a logical create request. Since the object
from storage is nil, the merged result is just a type meta object,
which lacks a name in the body. This fails when the API server
checks that the name from the request URL and the body are the same.
Note that a create request is something that SVM controller should
never do.
Once the UID is set on the patch, the API server will fail the
request at a slightly earlier point with an "uid mismatch" conflict
error, which the SVM controller can handle gracefully.
Setting UID by itself is not sufficient. When a resource gets
deleted and recreated, if RV is not set but UID is set, we would get
an immutable field validation error for attempting to update the
UID. To address this, we set the resource version on the SSA patch
as well. This will cause that update request to also fail with a
conflict error.
Added the create verb on all resources for SVM controller RBAC as
otherwise the API server will reject the request before it fails
with a conflict error.
The change addresses a host of other issues with the SVM controller:
1. Include failure message in SVM resource
2. Do not block forever on unsynced GC monitor
3. Do not immediately fail on GC monitor being missing, allow for
a grace period since discovery may be out of sync
4. Set higher QPS and burst to handle large migrations
Test changes:
1. Clean up CRD webhook convertor logs
2. Allow SVM tests to be run multiple times to make finding flakes easier
3. Create and delete CRs during CRD test to force out any flakes
4. Add a stress test with multiple parallel migrations
5. Enable RBAC on KAS
6. Run KCM directly to exercise wiring and RBAC
7. Better logs during CRD migration
8. Scan audit logs to confirm SVM controller never creates
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-07-18 17:19:11 -04:00
Tim Hockin
7313990f61
Make ServiceBackendPort an atomic struct
...
This allows different actors to force ownership of it without having to
explicitly unset the other field.
2024-07-18 13:20:33 -07:00
Kubernetes Prow Robot
595927da21
Merge pull request #125660 from saschagrunert/oci-volumesource-api
...
[KEP-4639] Add `ImageVolumeSource` API
2024-07-18 10:39:15 -07:00
Kubernetes Prow Robot
601eb7e9cf
Merge pull request #122922 from marosset/windows-memory-eviction
...
Add support for Windows memory-pressure eviction
2024-07-18 10:39:06 -07:00
Sascha Grunert
f7ca3131e0
Add ImageVolumeSource API
...
Adding the required Kubernetes API so that the kubelet can start using
it. This patch also adds the corresponding alpha feature gate as
outlined in KEP 4639.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2024-07-18 17:25:54 +02:00
Dan Winship
30bc1b59d7
Add unit tests to validate "bad IP/CIDR" handling in kube-proxy
...
Also, fix the handling of bad EndpointSlice IPs!
2024-07-18 10:55:13 -04:00
Dan Winship
f762e5c8de
Remove an unnecessary comment in nftables output
...
(It's redundant with the chain name.)
2024-07-18 10:54:30 -04:00
Dan Winship
11f55eae96
Reduce some duplication in nftables unit tests
2024-07-18 10:53:36 -04:00
Kubernetes Prow Robot
dda657b598
Merge pull request #126191 from p0lyn0mial/upstream-revert-promote-watch-list-to-beta
...
Revert "Promote WatchList feature to Beta"
2024-07-18 07:39:28 -07:00
Kubernetes Prow Robot
eb58e5e002
Merge pull request #125976 from vrutkovs/apf-typemeta-print-type
...
flowcontrol: print object type when bootstrapping flowschemas
2024-07-18 07:39:19 -07:00
Kubernetes Prow Robot
7693a7e71a
Merge pull request #126190 from mimowo/job-controller-cleanup
...
Cleanup Job controller isPodFailed function
2024-07-18 02:44:53 -07:00
Antonio Ojea
bc63c412b9
kubelet request certificates if at least one IP exist
...
A Kubernetes Node is required to have at minimum one IP address
because those are used on the Pods field HostIPs and in some cases,
when pods use hostNetwork: true, as PodIPs.
Nodes that use IP addresses as Hostname are interpreted as an IP
address, so it is possible that there are nodes that don't have any DNSname.
The feature gate AllowDNSOnlyNodeCSR will allow users to opt in to
the old behavior.
Change-Id: I094531d87246f1e7a5ef4fe57bd5d9840cb1375d
2024-07-18 09:44:48 +00:00
Kensei Nakada
9ff3227b15
add: implement event_handling_duration_seconds metric
2024-07-18 18:16:57 +09:00
Kubernetes Prow Robot
24fbb13eaf
Merge pull request #126113 from googs1025/enqueueExtensions_refactor
...
scheduler: Add ctx param and error return to EnqueueExtensions.EventsToRegister()
2024-07-18 00:53:25 -07:00
Kubernetes Prow Robot
9196650533
Merge pull request #123819 from fakecore/fc/master
...
fix: handle socket file detection on Windows
2024-07-18 00:53:16 -07:00
Lukasz Szaszkiewicz
88f47b4b4d
Revert "kube-apiserver: promote WatchList feature to beta"
...
This reverts commit 0b15903b35.
2024-07-18 09:29:24 +02:00
Patrick Ohly
348f94ab55
DRA: read ResourceClaim in DRA drivers
...
This is the second and final step towards making kubelet independent of the
resource.k8s.io API versioning because it now doesn't need to copy structs
defined by that API from the driver to the API server.
2024-07-18 09:09:20 +02:00