github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
121,941 Commits 1 Branch 31 Tags
ec301a5cc76f48cdadc77bcfbd686cf40b124ecf
Commit Graph

49493 Commits

Author SHA1 Message Date
cpanato
fc428df491 update setcap/debian-base to bookworm-v1.0.2 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2024-03-28 14:57:22 +01:00
Fabio Bertinatto
c893c48432 Use the right feature gate when updating uncertain volumes 2024-03-25 16:47:08 -03:00
Kubernetes Prow Robot
227c2e7c2b Merge pull request #123720 from HirazawaUi/fix-slow-dra-test 
kubelet: fix slow dra unit test
 2024-03-25 10:22:33 -07:00
kerthcet
84750fe52e Revert "enhancement(scheduler): share waitingPods among profiles" 
This reverts commit 227c1915db.
 2024-03-19 22:52:59 +01:00
kerthcet
a67d1dc010 Revert "Fix flaky test on multi profiles waiting pod" 
This reverts commit 5b072a59a2.
 2024-03-19 22:52:07 +01:00
Kubernetes Prow Robot
aa73f3163a Merge pull request #122292 from sanposhiho/nodeupdate 
register Node/UpdateTaint event to plugins which has Node/Add only and doesn't have Node/UpdateTaint
 2024-03-18 08:33:54 -07:00
Marek Siarkowicz
0130072b05 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 2024-03-18 11:55:13 +01:00
HirazawaUi
10b6319e64 fix slow dra unit test 2024-03-16 22:21:15 +08:00
Kensei Nakada
2b56de43e5 register Node/UpdateNodeTaint event to plugins which has Node/Add only, doesn't have Node/UpdateNodeTaint 2024-03-16 14:13:06 +00:00
Ed Bartosh
26881132bd kubelet: assign Node as an owner for the ResourceSlice 
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
 2024-03-15 09:46:13 +02:00
Kubernetes Prow Robot
d194e6d06c Merge pull request #123932 from pohly/dra-api-resource-model-rename 
dra api: NodeResourceModel -> ResourceModel
 2024-03-14 12:11:35 -07:00
Patrick Ohly
a0add8d2c7 dra api: NodeResourceModel -> ResourceModel 
When renaming NodeResourceSlice to ResourceSlice, the embedded
[Node]ResourceModel also should have been renamed.
 2024-03-14 18:07:36 +01:00
Akihiro Suda
8963e73f12 kubelet: fix mixing up runtime classes with runtime handlers 
Fix issue 123906

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:14:48 +09:00
Akihiro Suda
1dc05009fe api: NodeStatus: rename RuntimeClasses to RuntimeHandlers 
The runtime classes are apiserver's concept, while the handlers are kubelet's concept.
For NodeStatus, it makes more sense to return the latter ones here.

This commit modifies the following files:

- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go
- pkg/kubelet/nodestatus/setters.go
- pkg/kubelet/kubelet_node_status.go
- pkg/registry/core/node/strategy.go
- test/e2e_node/mount_rro_linux_test.go

Other changes were auto-generated by running `make update`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 08:06:39 +09:00
Akihiro Suda
4a776f66ec kubelet: silence "unknown runtime class" errors when unsupported 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-14 07:08:42 +09:00
Antonio Ojea
7ab1ef644e Revert "Implement a field selector for ClusterIP on Services" 2024-03-12 12:20:27 +00:00
Kubernetes Prow Robot
3ec6a38795 Merge pull request #123828 from klueska/non-nil-parameters 
dra scheduler: ensure that we never have nil claim/class parameters
 2024-03-11 14:35:57 -07:00
Kubernetes Prow Robot
57c89abb45 Merge pull request #123792 from mimowo/propose-api-comments-fix 
Adjust the Job field API comments and validation to the current state
 2024-03-11 11:26:04 -07:00
Kevin Klues
21a0dd1d70 dra scheduler: create default claim/class parameters instead of nil 
Without this, the scheduler was crashing in newClaimController() in
pkg/scheduler/framework/plugins/dynamicresources/structuredparameters.go

The code in newClaimController() assumes that the parameters are not nil.
Furthermore it assumes that there is at least one DriverRequest populated in
order to allocate any resources to a claim.

This PR adds logic to define default claim/class parameters that will allow
allocation to proceed even if an end user doesn't provide any class or claim
parameters themselves.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-11 13:57:16 +00:00
Kevin Klues
fc2134c84c dra kubelet: fix error log 
Previously we were returning the error string from 'err' (which is nil), when
we should have been returning it from result.Error. Without this it is hard to
debug issues with NodeUnprepareResources.

Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-11 13:51:29 +00:00
Kubernetes Prow Robot
b3926d137c Merge pull request #123831 from klueska/fix-unprepare-resources 
Add StructuredResourceModel to UnprepareResources call
 2024-03-11 03:25:14 -07:00
Kubernetes Prow Robot
611dbaa055 Merge pull request #122790 from carlory/fix-121696 
Fix flaky test: Test_Run_OneVolumeDetachFailNodeWithReadWriteOnce
 2024-03-10 19:23:40 -07:00
Kubernetes Prow Robot
8f80e01467 Merge pull request #123719 from enj/enj/f/authn_config_beta 
Mark StructuredAuthenticationConfiguration feature gate as beta
 2024-03-09 17:09:56 -08:00
Anish Ramasekar
62ac88b9ea Add metrics for authentication config reload 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-09 14:40:22 -08:00
Kubernetes Prow Robot
77ecfb7800 Merge pull request #123525 from enj/enj/f/authn_config_reload 
Add dynamic reload support for authentication configuration
 2024-03-09 14:13:37 -08:00
Monis Khan
b4935d910d Add dynamic reload support for authentication configuration 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-09 14:29:33 -05:00
Kevin Klues
13a6dcc21c dra kubelet: add StructuredResourceModel to UnprepareResources call 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-09 18:08:14 +00:00
Akihiro Suda
c7f52b34f3 kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
6f12e1d8e5 kubelet: expose containerStatuses.volumeMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
dd0882a83e kubelet: expose node.status.runtimeClasses 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
8db07446f1 api: validate RecursiveReadOnlyMounts 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 02:59:30 +09:00
Akihiro Suda
8828530fd5 node: dropDisabledFields: recognize RecursiveReadOnlyMounts gate 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:13 +09:00
Akihiro Suda
ce1918875f pod: dropDisabledFields: recognize RecursiveReadOnlyMounts 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:12 +09:00
Akihiro Suda
d940886d0a api: KEP-3857: Recursive Read-only (RRO) mounts 
This commit modifies the following files:

- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go

Other changes were auto-generated by running `make update`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:12 +09:00
Akihiro Suda
0b1a507b00 pkg/features: add RecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:10 +09:00
Akihiro Suda
76081a10c2 kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:09 +09:00
Akihiro Suda
27f24a62e3 kubelet: change map[string]RuntimeHandler to []RuntimeHandler 
The map is changed to an array so as to retain the order of the original array
propagated from the CRI runtime.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:07 +09:00
Kubernetes Prow Robot
d3d06c3c7e Merge pull request #123826 from tenzen-y/use-fake-client-job-unit 
Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers
 2024-03-08 15:11:13 -08:00
Yuki Iwai
f2508df279 Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-03-09 06:09:05 +09:00
Nilekh Chaudhari
9161302e7f feat: implements svm controller 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2024-03-08 19:25:10 +00:00
Michal Wozniak
79fe37537c Adjust the validation to the current state 2024-03-08 17:43:24 +01:00
Michal Wozniak
1163c7ed9c Adjust the API comments to the current state 2024-03-08 17:29:49 +01:00
Nilekh Chaudhari
91a7708cdc feat: implements Storage Version Migration API in-tree 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2024-03-08 04:18:56 +00:00
Kubernetes Prow Robot
7ea3d0245a Merge pull request #123516 from pohly/dra-structured-parameters 
DRA: structured parameters
 2024-03-07 19:24:48 -08:00
Kubernetes Prow Robot
9ad2aabc64 Merge pull request #123520 from haircommander/proc-mount-rely-userns-2 
KEP-4265: Update Unmasked ProcMountType to fail validation without a pod level user namespace
 2024-03-07 18:21:08 -08:00
Kubernetes Prow Robot
b1741c004b Merge pull request #123811 from tallclair/apparmor-ga 
Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated
 2024-03-07 16:18:44 -08:00
Tim Allclair
04ac13b6b7 Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated 2024-03-07 15:00:07 -08:00
Kubernetes Prow Robot
364ef335db Merge pull request #123412 from tenzen-y/add-new-jobsuccesspolicy-api 
Job: Support for the SuccessPolicy
 2024-03-07 14:49:20 -08:00
Patrick Ohly
6a361e1f36 dra api: enable new CEL features by faking their version 
There are two approaches for making new versioned CEL features available in the
release where they get introduced:
- Always use the environment for "StoredExpressions".
- Use an older version (typically 1.0) and only bump it up later.

The second approach was used before, so this is now also done here.
 2024-03-07 22:26:20 +01:00
Patrick Ohly
251b3859b0 dra scheduler: consider in-flight allocation for resource calculation 
Storing a modified claim with allocation and the original resource version in
the assume cache was not reliable: if an update was received, it replaced the
modified claim and the resource that was reserved for the claim might have been
used for some other claim.

To fix this, the in-flight claims are now stored in the map instead of just a
boolean and the status stored there overrides whatever is in the assume cache.

Logging got extended to diagnose this problem better. It started to occur in
E2E tests after splitting the claim update so that first the finalizer is set
and then the status, because setting the finalizer triggered an update.
 2024-03-07 22:26:16 +01:00