github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
124,104 Commits 1 Branch 31 Tags
bc3c07091b3501ac52c7c322f246df5e36815c20
Commit Graph

21281 Commits

Author SHA1 Message Date
Dr. Stefan Schimanski
834cd7ca4a aggregator: split availability controller into local and remote part 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-21 17:31:24 +02:00
Dr. Stefan Schimanski
bbdc247406 aggregator: make linter happy 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-21 16:45:28 +02:00
Dr. Stefan Schimanski
b5759ad4f9 aggregator: (pre-)move availability controller 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-21 13:48:50 +02:00
Dr. Stefan Schimanski
c5095069a8 aggregator: separate out status controller metrics 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
 2024-07-21 13:48:49 +02:00
Kubernetes Prow Robot
90a84704d6 Merge pull request #126231 from seans3/websocket-https-proxy-fix 
Falls back to SPDY for gorilla/websocket https proxy error
 2024-07-20 13:23:16 -07:00
Sean Sullivan
bc52647251 moving for easier cherry-pick 2024-07-20 05:29:57 -07:00
Sean Sullivan
9d560540c5 Falls back to SPDY for gorilla/websocket https proxy error 2024-07-20 00:10:32 -07:00
Kubernetes Prow Robot
8f265b6305 Merge pull request #126136 from cici37/removeFG 
Remove feature gate CustomResourceValidationExpressions
 2024-07-20 00:08:52 -07:00
Kubernetes Prow Robot
64ba17c605 Merge pull request #125571 from liggitt/filter-auth-02-sar 
add field and label selectors to authorization
 2024-07-19 15:30:01 -07:00
Kubernetes Prow Robot
fa15f12fb5 Merge pull request #126174 from dobsonj/corruptedmnt-enodev 
mount-utils: treat syscall.ENODEV as corrupted mount
 2024-07-19 13:08:48 -07:00
Jordan Liggitt
9f8f36708a Fixup lint warning 2024-07-19 15:06:52 -04:00
Jordan Liggitt
a1398a8cca Add structured labelSelector / fieldSelector to authorization webhook match conditions 2024-07-19 15:06:50 -04:00
Jordan Liggitt
83bd512861 Adjust CEL cost calculation and versioning for authorization library 2024-07-19 15:06:49 -04:00
David Eads
be2e32fa3e Add CEL fieldSelector / labelSelector support to authorizer library 2024-07-19 15:06:49 -04:00
Jordan Liggitt
03d48b7683 Move CEL env initialization out of package init() 
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
 2024-07-19 15:06:48 -04:00
Jordan Liggitt
1d2ad282cf Improve CEL cost tests to catch unhandled estimates or types 2024-07-19 15:06:47 -04:00
David Eads
92e3445e9d add field and label selectors to authorization attributes 
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2024-07-19 15:06:47 -04:00
David Eads
f5e5bef2e0 generate 2024-07-19 14:35:37 -04:00
David Eads
90f0b88b6a add subjectaccessreview field and label selectors 
Co-authored-by: Jordan Liggitt <liggitt@google.com>
 2024-07-19 14:34:49 -04:00
Kubernetes Prow Robot
acaec0c23a Merge pull request #126124 from cici37/feature/validating-admission-policy/metrics-improvement 
Feature/validating admission policy/metrics improvement
 2024-07-19 10:34:58 -07:00
Jonathan Dobson
4cec4e7422 mount-utils: treat syscall.ENODEV as corrupted mount 2024-07-19 08:14:30 -06:00
Kubernetes Prow Robot
77e12aeca9 Merge pull request #126207 from thockin/ingress-backend-port-atomic 
Make ServiceBackendPort an atomic struct
 2024-07-18 19:24:26 -07:00
Kubernetes Prow Robot
25935965c5 Merge pull request #125782 from aborrero/master 
procMount: fix default value documentation
 2024-07-18 19:24:11 -07:00
Kubernetes Prow Robot
f2428d66cc Merge pull request #125163 from pohly/dra-kubelet-api-version-independent-no-rest-proxy 
DRA: make kubelet independent of the resource.k8s.io API version
 2024-07-18 17:47:48 -07:00
Patrick Ohly
7701a48bd6 dra kubelet: bump gRPC API to v1alpha4 
The previous changes are an API break, therefore we need a new version.
 2024-07-18 23:30:09 +02:00
Kubernetes Prow Robot
d040043edb Merge pull request #124736 from MikeSpreitzer/exempt-borrows-more 
More assertive borrowing by exempt
 2024-07-18 13:41:38 -07:00
Tim Hockin
7313990f61 Make ServiceBackendPort an atomic struct 
This allows different actors to force ownership of it without having to
explicitly unset the other field.
 2024-07-18 13:20:33 -07:00
Kubernetes Prow Robot
595927da21 Merge pull request #125660 from saschagrunert/oci-volumesource-api 
[KEP-4639] Add `ImageVolumeSource` API
 2024-07-18 10:39:15 -07:00
Kubernetes Prow Robot
601eb7e9cf Merge pull request #122922 from marosset/windows-memory-eviction 
Add support for Windows memory-pressure eviction
 2024-07-18 10:39:06 -07:00
Kubernetes Prow Robot
73198f893c Merge pull request #124859 from morlay/master 
Remove json:",omitempty" where json:",inline" specified.
 2024-07-18 09:33:33 -07:00
Sascha Grunert
f7ca3131e0 Add ImageVolumeSource API 
Adding the required Kubernetes API so that the kubelet can start using
it. This patch also adds the corresponding alpha feature gate as
outlined in KEP 4639.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2024-07-18 17:25:54 +02:00
Lukasz Szaszkiewicz
88f47b4b4d Revert "kube-apiserver: promote WatchList feature to beta" 
This reverts commit 0b15903b35.
 2024-07-18 09:29:24 +02:00
Patrick Ohly
348f94ab55 DRA: read ResourceClaim in DRA drivers 
This is the second and final step towards making kubelet independent of the
resource.k8s.io API versioning because it now doesn't need to copy structs
defined by that API from the driver to the API server.
 2024-07-18 09:09:20 +02:00
Patrick Ohly
616a014347 DRA: move ResourceSlice publishing into DRA drivers 
This is a first step towards making kubelet independent of the resource.k8s.io
API versioning because it now doesn't need to copy structs defined by that API
from the driver to the API server. The next step is removing the other
direction (reading ResourceClaim status and passing the resource handle to
drivers).

The drivers must get deployed so that they have their own connection to the API
server. Securing at least the writes via a validating admission policy should
be possible.

As before, the kubelet removes all ResourceSlices for its node at startup, then
DRA drivers recreate them if (and only if) they start up again. This ensures
that there are no orphaned ResourceSlices when a driver gets removed while the
kubelet was down.

While at it, logging gets cleaned up and updated to use structured, contextual
logging as much as possible. gRPC requests and streams now use a shared,
per-process request ID and streams also get logged.
 2024-07-18 09:09:19 +02:00
Kubernetes Prow Robot
d0545c8eb4 Merge pull request #126073 from a7i/fake-apply-scale-subresource 
fix: fake clientset ApplyScale subresource from 'status' to 'scale'
 2024-07-17 17:35:52 -07:00
Kubernetes Prow Robot
45cb3a1bd0 Merge pull request #126173 from bergerhoffer/cli-help 
A few minor help text tweaks
 2024-07-17 16:29:34 -07:00
Mark Rossetti
0411a3d565 Add support for memory pressure evictiong on Windows 
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2024-07-17 15:11:30 -07:00
Kubernetes Prow Robot
42e22cc99d Merge pull request #126162 from danwinship/kube-proxy-config-owners 
Add me to kube-proxy config api approvers
 2024-07-17 13:10:00 -07:00
Kubernetes Prow Robot
b23f41e192 Merge pull request #125940 from thockin/master 
Clarify errors in ProjectedVolume validation
 2024-07-17 13:09:51 -07:00
Kubernetes Prow Robot
ef8d67f865 Merge pull request #125809 from aojea/cloud_hostname 
add unit tests for hostname node.status.addresses
 2024-07-17 12:05:52 -07:00
Andrea Hoffer
5252f79f9b A few minor help text tweaks 2024-07-17 13:30:34 -04:00
Kubernetes Prow Robot
c3bcd4fff0 Merge pull request #126139 from enj/enj/i/revert_list_cache 
Revert "Move ConsistentListFromCache to Beta default"
 2024-07-17 09:59:14 -07:00
Dan Winship
5c372faca6 Add me to kube-proxy config api approvers 2024-07-17 09:41:53 -04:00
Monis Khan
aeb51a16e3 Revert "Move ConsistentListFromCache to Beta default" 
This reverts commit 0c0e19b343.

During stress test for SVM controller, the controller is unable to
make a list call due to following error:

resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"

With the feature disabled, the stress test passes.

Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-07-16 23:12:16 -04:00
Kubernetes Prow Robot
8aff9d3192 Merge pull request #126072 from aroradaman/proxy-config-v1alpah2-windows 
kube-proxy: internal config: add Linux and Windows section
 2024-07-16 19:37:12 -07:00
Kubernetes Prow Robot
fc3abdaf2d Merge pull request #125470 from everpeace/kep-3619-SupplementalGroupsPolicy-e2e 
KEP-3619: Add NodeStatus.Features.SupplementalGroupsPolicy API and e2e
 2024-07-16 13:57:06 -07:00
cici37
6a12b87525 Auto updates 2024-07-16 18:56:49 +00:00
Cici Huang
67a171a142 Remove feature gate CustomResourceValidationExpressions. 2024-07-16 10:39:00 -07:00
Cici Huang
b7821078b3 Fix the error type, Add into observation, Fix tests. 2024-07-16 08:27:36 -07:00
Jiahui Feng
d61edc51b8 make use of new error reporting in the dispatcher. 2024-07-16 07:22:11 -07:00