github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
106,685 Commits 1 Branch 31 Tags
f4df7d0eb27b51a0f47a49616b8b32e0bf9c18a7
Commit Graph

9854 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
659c7e709f Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 
csr: add expirationSeconds field to control cert lifetime
 2021-07-01 23:02:12 -07:00
Monis Khan
cd91e59f7c csr: add expirationSeconds field to control cert lifetime 
This change updates the CSR API to add a new, optional field called
expirationSeconds.  This field is a request to the signer for the
maximum duration the client wishes the cert to have.  The signer is
free to ignore this request based on its own internal policy.  The
signers built-in to KCM will honor this field if it is not set to a
value greater than --cluster-signing-duration.  The minimum allowed
value for this field is 600 seconds (ten minutes).

This change will help enforce safer durations for certificates in
the Kube ecosystem and will help related projects such as
cert-manager with their migration to the Kube CSR API.

Future enhancements may update the Kubelet to take advantage of this
field when it is configured in a way that can tolerate shorter
certificate lifespans with regular rotation.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-01 23:38:15 -04:00
Kubernetes Prow Robot
062bc359ca Merge pull request #102444 from sanwishe/resourceStartTime 
Expose container start time in kubelet /metrics/resource endpoint
 2021-07-01 14:27:51 -07:00
Kir Kolyshkin
ab5b77944e kubelet/cm: don't set Devices 
Since runc 1.0.0 it is now sufficient to have SkipDevices: true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2021-06-30 16:17:35 -07:00
Shiming Zhang
212ce7c287 Shorten test time 2021-06-30 09:48:26 +08:00
Elana Hashman
39f32d7286 Ensure MemorySwapConfig can't be set without feature flag 2021-06-29 12:08:25 -07:00
Elana Hashman
d4041cb80f Add generated files for swap API changes 2021-06-29 12:08:25 -07:00
Elana Hashman
d3fd1362ca Rename NoSwap to LimitedSwap as workloads may still swap 
Also made the options a kubelet type, address API review feedback
 2021-06-29 12:08:21 -07:00
Elana Hashman
0deef4610e Set MemorySwapLimitInBytes for CRI when NodeSwapEnabled 2021-06-29 11:59:02 -07:00
Elana Hashman
7342acb0b8 Add validation for KubeletConfig MemorySwap 2021-06-29 11:59:01 -07:00
Elana Hashman
bda03b4818 API change: add MemorySwap to KubeletConfiguration 2021-06-29 11:58:59 -07:00
Kubernetes Prow Robot
01819dd322 Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode 
ReadWriteOncePod access mode for PVs and PVCs
 2021-06-29 10:04:40 -07:00
Kubernetes Prow Robot
756203fda0 Merge pull request #102576 from dobsonj/101911 
kubelet: do not call RemoveAll on volumes directory for orphaned pods
 2021-06-29 06:54:40 -07:00
Shiming Zhang
a42c066af7 Fix Data Race in nodeshutdown restart 2021-06-29 16:23:45 +08:00
Chris Henzie
2b98f8edc7 Enforce ReadWriteOncePod access mode during mount 2021-06-28 21:25:37 -07:00
Kubernetes Prow Robot
15d3c3a5e2 Merge pull request #102821 from ehashman/phase-fix 
Ensure kubelet statuses can handle loss of container runtime state
 2021-06-28 15:38:40 -07:00
pacoxu
f2eec0a816 ResourceConfigForPod: check initContainers as other QoS func 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-06-28 19:22:42 +08:00
Kubernetes Prow Robot
07358f1663 Merge pull request #103146 from tech-geek29/fix-95380 
Change log level to Debug
 2021-06-25 07:44:45 -07:00
Kubernetes Prow Robot
49ab9ac160 Merge pull request #103154 from jsafrane/fix-asw-mounter 
Update mounter interface in volume manager
 2021-06-24 14:18:05 -07:00
Kubernetes Prow Robot
2e93b3924a Merge pull request #101943 from saschagrunert/seccomp-default 
Add kubelet `SeccompDefault` alpha feature
 2021-06-24 13:07:41 -07:00
Kubernetes Prow Robot
79494183b7 Merge pull request #102869 from mengjiao-liu/json-register-move 
Remove default JSON logging format registration from k8s.io/component-base/logs package
 2021-06-24 11:59:41 -07:00
Kubernetes Prow Robot
06dfe683ce Merge pull request #103123 from dims/remove-fakefs-to-drop-spf13/afero-dependency 
Remove fakefs to drop spf13/afero dependency
 2021-06-24 07:57:41 -07:00
Davanum Srinivas
5feff280e1 remove fakefs to drop spf13/afero dependency 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2021-06-24 09:51:34 -04:00
Mengjiao Liu
af825b4357 Remove default JSON logging format registration from component-base/logs package 2021-06-24 20:37:09 +08:00
Jan Safranek
d3dfe124da Update mounter interface in volume manager 
Update mounter interface in volume manager's ActualStateOfWorld every time.
Otherwise kubelet uses the first mounter it gets, which may not have the
latest information.

This fixes set up of CSI volumes, which store information about SELinux
support in their `mounter` interface implementation. With each MountVolume()
retry, a new mounter is instantiated and only the final mounter that succeeds
has the right info if the volume supports SELinux or not and can later
return the right attributes on GetAttributes() call.
 2021-06-24 14:11:31 +02:00
Rishabh Jain
8f08db9164 Change log level to Debug 2021-06-24 14:23:06 +05:30
Kenta Tada
89a4d4b071 kubelet: modify the function of getCgroupSubsystemsV2 to use libcontainer API 2021-06-24 16:58:05 +09:00
Shiming Zhang
97bcfbd674 Allow the actual inhibit delay to be greater than the expected inhibit delay 2021-06-24 14:11:58 +08:00
Ryan Phillips
d9be5abc37 kubelet: add shutdown events 2021-06-23 16:44:19 -05:00
sanwishe
43f8f58895 add containers starttime metrics for metrics/resource endpoint 
Signed-off-by: sanwishe <jiang.mingzhi35@zte.com.cn>
 2021-06-24 02:53:21 +08:00
Sascha Grunert
8b7003aff4 Add SeccompDefault feature 
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.

Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Apply suggestions from code review

Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-06-23 10:22:57 +02:00
Sahil Raja
992993257d Removed usage of github.com/pkg/errors 
Signed-off-by: Sahil Raja <sahilraja242@gmail.com>
 2021-06-23 08:07:05 +05:30
Kubernetes Prow Robot
985ac8ae50 Merge pull request #101030 from cynepco3hahue/pod_resources_memory_interface 
Extend pod resource API response to return the information from memory manager
 2021-06-22 06:35:58 -07:00
Artyom Lukianov
03830db82d Implement all necessary methods to provide memory manager data under pod resources metrics 
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
 2021-06-22 13:06:32 +03:00
Artyom Lukianov
24023f9fcc Extend pod resource API response to return the memory manager information 
Signed-off-by: Artyom Lukianov <alukiano@redhat.com>
 2021-06-22 12:59:04 +03:00
Kubernetes Prow Robot
e154a6d637 Merge pull request #102455 from lunhuijie/addTestHelpers 
Add test cases to the addAllocatableThresholds function in pkg/kubelet/eviction/helpers.go
 2021-06-21 19:23:57 -07:00
Kubernetes Prow Robot
3bd29bc53d Merge pull request #102829 from snowplayfire/update-devicemanager 
Add resource capacity to ListAndWatch grpc logging
 2021-06-21 16:28:09 -07:00
Kubernetes Prow Robot
844fa00c5e Merge pull request #102725 from 249043822/br-podworker 
Fix:slow memory leak may be in kubelet podworkers.isWorking
 2021-06-21 16:27:57 -07:00
Kubernetes Prow Robot
62fdaabe82 Merge pull request #102635 from charlesxsh/fix-linux-test 
fix a potential deadlock in graceful node shutdown unit tests
 2021-06-21 16:27:45 -07:00
Sahil Raja
8eee78a61f Update github.com/pkg/errors to go native errors pkg 
Signed-off-by: Sahil Raja <sahil.raja@mayadata.io>
 2021-06-21 23:03:14 +05:30
gy95
7b98a0770f remove not used IsStaticPod, prevent possible panic 2021-06-21 19:38:40 +08:00
Kubernetes Prow Robot
4afb72a863 Merge pull request #100183 from jsafrane/fix-unstage-retry 
Mark volume as uncertain after Unmount* fails
 2021-06-18 11:04:06 -07:00
jingxueli
45d18acbcc add info for possible failed listAndWatch grpc call 2021-06-17 16:25:20 +08:00
Kubernetes Prow Robot
2d7a20fcd6 Merge pull request #102840 from Kissy/issue-102820 
Improve terminated pod message when node is shutting down
 2021-06-16 12:48:12 -07:00
Jan Safranek
d5da73032f Add unit test for DSWP with uncertain volume 
desiredStateOfWorldPopulator.findAndRemoveDeletedPods() should remove
volumes from DSW when a pod is deleted on the API server and the volume is
uncertain in ASW.
 2021-06-16 18:41:44 +02:00
Jan Safranek
f795b02f4f Refactor dswp unit tests 
Change existing desiredStateOfWorldPopulator.findAndAddNewPods tests to use
a common initialization function.
 2021-06-16 18:41:43 +02:00
Jan Safranek
2fcb5e9cf7 Add PodRemovedFromVolume 
To know when a volume has been fully unmounted (incl. uncertain mounts).
 2021-06-16 18:41:41 +02:00
Jan Safranek
ca934b8f5c Add GetPossiblyMountedVolumesForPod to let kubelet know all volumes were unmounted 
podVolumesExist() should consider also uncertain volumes (where kubelet
does not know if a volume was fully unmounted) when checking for pod's
volumes. Added GetPossiblyMountedVolumesForPod for that.

Adding uncertain mounts to GetMountedVolumesForPod would potentially break
other callers (e.g. `verifyVolumesMountedFunc`).
 2021-06-16 18:39:12 +02:00
Elana Hashman
9469756b6c Ensure kubelet statuses can handle loss of container runtime state 2021-06-15 11:12:55 -07:00
Lee Verberne
30d2ad576a Remove ManagedPod,ManagedContainer metrics 
This replaces the generic ManagedPod and ManagedContainer kubelet
metrics with a gauge to track only ephemeral container usage.
 2021-06-15 19:02:07 +02:00