Commit Graph

108005 Commits

Author SHA1 Message Date
Lars Ekman
61085a7589 Ipvs: non-local access to externalTrafficPolicy:Local
Allow access to externalTrafficPolicy:Local services from PODs
not on a node where a server executes. Problem described in #93456
2022-03-29 21:42:39 +02:00
Davanum Srinivas
f7ad09c447 Switch to pause 3.7
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-29 15:36:38 -04:00
Fabio Bertinatto
8150cf8d96 Update EnableControllerAttachDetach documentation
The kubelet does not support attach/detach operations on CSI volumes. As
a result, CSI volumes rely on the Attach/Detach controller enabled.
2022-03-29 16:20:06 -03:00
Marek Siarkowicz
73b0af70f9 Add note about etcd v3.5.0 data corruption 2022-03-29 20:58:16 +02:00
cici37
1dbd445a98 Update comment 2022-03-29 11:56:49 -07:00
Shiming Zhang
61b3c028ba Field status.hostIPs added for Pod (#101566)
* Add FeatureGate PodHostIPs

* Add HostIPs field and update PodIPs field

* Types conversion

* Add dropDisabledStatusFields

* Add HostIPs for kubelet

* Add fuzzer for PodStatus

* Add status.hostIPs in ConvertDownwardAPIFieldLabel

* Add status.hostIPs in validEnvDownwardAPIFieldPathExpressions

* Downward API support for status.hostIPs

* Add DownwardAPI validation for status.hostIPs

* Add e2e to check that hostIPs works

* Add e2e to check that Downward API works

* Regenerate
2022-03-29 11:46:07 -07:00
Joe Betz
0d30e21867 Reduce CEL runtime cost limits by 1/2 based on latency goals 2022-03-29 14:37:57 -04:00
Ben Swartzlander
08948ca779 Update AnyVolumeDataSource feature gate to beta
Default to enabled
Fix validation of null-updates/patches when the "old" PVC was persisted by
an older version. Add upgrade integration tests written by liggitt.
2022-03-29 13:39:48 -04:00
Kubernetes Prow Robot
05b59e7717 Merge pull request #107681 from andyzhangx/azuredisk-migration-ga
mark AzureDisk CSI migration as GA
2022-03-29 10:24:55 -07:00
Ross Peoples
d26e6cca72 make update after timeZone support for CronJob 2022-03-29 11:40:46 -05:00
Ross Peoples
dbb3906a09 Fix for timeZone validation and strategy 2022-03-29 11:40:34 -05:00
Katrina Verey
ac37f69f17 Update error message assertions 2022-03-29 12:29:14 -04:00
Katrina Verey
a8e1c67667 Update kubectl kustomize to kyaml/v0.13.6, cmd/config/v0.10.6, api/v0.11.4, kustomize/v4.5.4 2022-03-29 12:29:11 -04:00
Kubernetes Prow Robot
6c96ac04ff Merge pull request #101218 from gjkim42/add-taint-toleration-check
kubelet: check taint/toleration before accepting pods
2022-03-29 09:16:56 -07:00
Andrew Sy Kim
50d93f7cec test/utils/image: use agnhost image agnhost:2.36 to include --delay-shutdown flag
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2022-03-29 11:37:43 -04:00
Andrew Sy Kim
01c178c9de test/e2e/network: add e2e tests for ProxyTerminatingEndpoints
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2022-03-29 11:37:43 -04:00
Andrew Sy Kim
53439020a4 pkg/proxy/ipvs: add unit tests Test_EndpointSliceOnlyReadyAndTerminatingCluster and Test_EndpointSliceReadyAndTerminatingCluster for validating ProxyTerminatingEndpoints when the traffic policy is 'Cluster'
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2022-03-29 11:37:15 -04:00
Andrew Sy Kim
718a655e42 pkg/proxy/iptables: add and fix existing unit tests based on changes to ProxyTermintingEndpoints
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2022-03-29 11:37:15 -04:00
Andrew Sy Kim
e2e0b6fca8 pkg/proxy: update CategorizeEndpoints to apply ProxyTerminatingEndpoints to all traffic policies
Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2022-03-29 11:06:58 -04:00
Maciej Borsz
488a19184e For each call, log apf_execution_time 2022-03-29 14:55:52 +00:00
Jordan Liggitt
f1dd9a6114 Add audit annotations and log prefixes to deprecated cert warnings 2022-03-29 10:45:03 -04:00
Aldo Culquicondor
8c00f510ef Graduate JobReadyPods to beta
Set podUpdateBatchPeriod to 1s

Change-Id: I8a10fd8f8559adad9df179b664b8c82851607855
2022-03-29 10:07:41 -04:00
Kir Kolyshkin
79c17cf44e vendor: bump runc to 1.1.1
Release notes:
  https://github.com/opencontainers/runc/releases/tag/v1.1.1

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-29 06:58:09 -07:00
Kensei Nakada
136cf57809 use sync.Map in CycleState for better performance 2022-03-29 13:19:50 +00:00
Jordan Liggitt
cff4eeef9f Tolerate additional error messages in TLS unit tests 2022-03-29 08:57:31 -04:00
Patrick Ohly
7de1b05e85 logging: add ContextualLogging feature
InitLogs overrides the klog default and turns contextual logging off. This
ensures that it is only enabled in Kubernetes commands that explicitly enable
it via a feature gate. A feature gate for it gets defined in
k8s.io/component-base/logs and is then used by Options.ValidateAndApply.

The effect of disabling contextual logging is very limited according to
benchmarks with kube-scheduler. The feature gets added anyway to satisfy the
PRR recommendation that features should be controllable.

The following commands have support for contextual logging:
- kube-apiserver
- kube-controller-manager
- kubelet
- kube-scheduler
- component-base/logs example

Supporting a feature gate check in ValidateAndApply and not in InitLogs is a
simplification: changing InitLogs to accept a FeatureGate would have implied
changing also component-base/cli.Run. This didn't seem worthwhile because
ValidateAndApply already covers the relevant commands.
2022-03-29 13:29:57 +02:00
Shubham Kuchhal
ce17a02747 Update rs.extensions to rs.apps 2022-03-29 16:40:28 +05:30
Patrick Ohly
b390d018c7 logs: pass verbosity to loggers
When a Logger gets called directly via contextual logging, it has to do its own
verbosity check and therefore needs to know what the intended verbosity level
is.

This used to work previously because all verbosity checks were done in klog
before invoking the Logger.
2022-03-29 12:06:40 +02:00
Patrick Ohly
ef30d845d9 json: test handling of duplicate keys
We want to see in the output when keys are used more than once. This should be
fixed because parsing the log messages as JSON will only preserve one of the
values.
2022-03-29 12:00:26 +02:00
Patrick Ohly
ab318cf89f json: enable WithName logging
The name added to a logger via WithName only gets printed when a key is
chosen. "logger" is used as in the zap examples.

This becomes relevant once we support contextual logging. When logging through
klog the name is always empty.
2022-03-29 12:00:26 +02:00
Patrick Ohly
3fe5b3e09d json: test WithName
At the moment, the zap configuration ignores the WithName values.
2022-03-29 12:00:26 +02:00
Kubernetes Prow Robot
1ea07d482a Merge pull request #108126 from sanposhiho/doc/generatedname
fix the doc about generateName conflict
2022-03-29 02:58:47 -07:00
Ricardo Katz
42a1201082 Implementation on Network Policy Status (#107963)
* Implement status subresource in NetworkPolicy

* add NetworkPolicyStatus generated files

* Fix comments in netpol status review
2022-03-29 01:52:48 -07:00
Paco Xu
4e96009c15 use privileged enforce level in host pid sharing testing 2022-03-29 15:51:33 +08:00
Kubernetes Prow Robot
fe8a663860 Merge pull request #109029 from ehashman/runc-1.1.0
Dep bump to runc 1.1.0, cadvisor 0.44.0
2022-03-28 22:45:10 -07:00
Kir Kolyshkin
fd21ade6d5 vendor: bump golang/mock to 1.6.0
Commit e3ed3ba7c9 bumps golang/mock to 1.6.0 in hack/tools.
It makes sense to keep its version in sync, so let's do the same
in the top level go.mod.

Generated by

	./hack/pin-dependency.sh github.com/golang/mock v1.6.0
	./hack/lint-dependencies.sh
	./hack/update-vendor.sh
	./hack/update-internal-modules.sh

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 21:49:04 -07:00
Kubernetes Prow Robot
656dc213ce Merge pull request #108992 from alexzielenski/cache-busting-client-go
client-go: OpenAPI v3 support
2022-03-28 21:37:11 -07:00
Kubernetes Prow Robot
c64a8cdc2d Merge pull request #109078 from tallclair/audit-mutex
Audit mutex
2022-03-28 20:29:11 -07:00
Kubernetes Prow Robot
c290874532 Merge pull request #109089 from deepakkinni/deprecate-vc-70u2-below-releases-v2
deprecate vsphere releases less than 7.0u2 for in-tree vsphere volumes
2022-03-28 19:25:11 -07:00
Alexander Zielenski
e9fc6c28a2 adjust comments 2022-03-28 18:40:34 -07:00
Kubernetes Prow Robot
f85ff4b574 Merge pull request #82162 from krmayankk/maxun
API: maxUnavailable for StatefulSet
2022-03-28 17:57:10 -07:00
Divyen Patel
009286019e deprecate vsphere releases less than 7.0u2 for in-tree vsphere volume plugin 2022-03-29 06:15:22 +05:30
Tim Allclair
bdebc62d49 Don't add audit annotations directly to the audit event 2022-03-28 17:03:53 -07:00
Kubernetes Prow Robot
874d4bff43 Merge pull request #108990 from jpbetz/per-crd
CRD CEL Validation: per-CRD estimated cost limit enforcement
2022-03-28 16:53:11 -07:00
Kir Kolyshkin
37761a329e pkg/kubelet: changes to update runc to 1.1.0
The changes (mostly in pkg/kubelet/cm) are there to adopt changed
runc 1.1 API, and simplify things a bit. In particular:

1. simplify cgroup manager instantiation, using a new, easier way of
   libcontainers/cgroups/manager.New;

2. replace libcontainerAdapter with a boolean variable (all it did
   was passing on whether systemd manager should be used);

3. trivial change due to removed cgroupfs.HugePageSizes and added
    cgroups.HugePageSizes();

4. do not calculate cgroup paths in update / destroy, since libcontainer
   cgroup managers now calculate the paths upon creation (previously,
   they were doing that only in Apply, so using e.g. Set or Destroy right
   after creation was impossible without specifying paths).

We currently still calculate cgroup paths in Exists -- this is to be
addressed separately.

Co-Authored-By: Elana Hashman <ehashman@redhat.com>
2022-03-28 16:23:20 -07:00
Elana Hashman
07af1bab70 deps: update runc to 1.1.0
This updates vendored runc/libcontainer to 1.1.0,
and google/cadvisor to a version updated to runc 1.1.0
(google/cadvisor#3048).

Changes in vendor are generated by (roughly):

        ./hack/pin-dependency.sh github.com/google/cadvisor v0.44.0
        ./hack/pin-dependency.sh github.com/opencontainers/runc v1.1.0
        ./hack/update-vendor.sh
        ./hack/lint-dependencies.sh # And follow all its recommendations.
        ./hack/update-vendor.sh
        ./hack/update-internal-modules.sh
        ./hack/lint-dependencies.sh # Re-check everything again.

Co-Authored-By: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-28 16:23:18 -07:00
Kubernetes Prow Robot
41830a1f79 Merge pull request #109080 from tallclair/audit-cleanup
Delete dead code
2022-03-28 15:24:12 -07:00
Kubernetes Prow Robot
4fdca04f35 Merge pull request #109059 from danwinship/kube-iptables-hint
Create a KUBE-IPTABLES-HINT chain
2022-03-28 15:24:04 -07:00
Kubernetes Prow Robot
ef45c99506 Merge pull request #109025 from alculquicondor/smaller-job-integration-load
Reduce number of pods in Job+GC tests
2022-03-28 15:23:56 -07:00
Kubernetes Prow Robot
6571eb2450 Merge pull request #108629 from skitt/blang-semver-v4
Upgrade to blang/semver/v4 v4.0.0
2022-03-28 15:23:48 -07:00