github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
109,996 Commits 1 Branch 31 Tags 1,019 MiB
ff1f525511
Commit Graph

10171 Commits

Author SHA1 Message Date
Dixita Narang
ff1f525511 Setting LockToDefault as true for KubeletCredentialProviders feature, and removing conditions that check if the feature is enabled since now the feature is enabled by default 2022-09-29 16:42:48 +00:00
Dixita Narang
9c3cb6e66d Fixing boilerplate header 2022-09-16 21:20:30 +00:00
Dixita Narang
4cc741955c Adding default values for v1 credential provider config 2022-09-09 06:11:15 +00:00
Dixita Narang
977a8ebb3a Renaming usage of v1beta1 to v1, and adding API violation exceptions and 
vendor module for v1
 2022-09-09 06:11:06 +00:00
Kubernetes Prow Robot
052bfc35b2
Merge pull request #110390 from major1201/fix_kubelet_test 
fix defer in loop and optimize test cases with explicit field name
 2022-08-23 16:04:37 -07:00
Kubernetes Prow Robot
17dd76f5d4
Merge pull request #108832 from waynepeking348/fix_bugs_of_container_cpu_shares 
fix bugs of container cpu shares when cpu request set to zero
 2022-08-23 16:04:03 -07:00
Jan Safranek
f9c7ce5b9c Add unit tests for DesiredStateOfWorldPopulator 2022-08-04 10:51:59 +02:00
Jan Safranek
260912490e Add a coment about handling same volumes with different contexts 2022-08-04 10:51:56 +02:00
Jan Safranek
a01e720a1a Rename IsRWOP 
To be able to update content of the function to other access modes when we
implement SELinux mount for more of them.
 2022-08-04 10:51:54 +02:00
Jan Safranek
1490d51028 Remove noisy log 
The error would be logged every reconciler sync (100 ms).
 2022-08-04 10:51:53 +02:00
Jan Safranek
0793ecee3a Add unit tests for ASW.AddPodToVolume 2022-08-04 10:51:52 +02:00
Jan Safranek
17d850ee0e Add interface for SELinuxOptionsToFileLabel 
github.com/opencontainers/selinux/go-selinux needs OS that supports SELinux
and SELinux enabled in it to return useful data, therefore add an interface
in front of it, so we can mock its behavior in unit tests.
 2022-08-04 10:51:51 +02:00
Jan Safranek
d9f792633d Add AddPodToVolume unit tests with SELinux 2022-08-04 10:51:50 +02:00
Jan Safranek
8d6b721ddd Extract SELinux context error handling into a common func 
Add handlerSELinuxMetricError() which bumps the right metric + either
consumes a SELinux error or lets it propagate up the stack.
 2022-08-04 10:51:48 +02:00
Jan Safranek
49148ddfd0 Extract getSELinuxLabel from AddPodToVolume 
To keep the function smaller.
 2022-08-04 10:51:46 +02:00
Jan Safranek
de7f5b66ed Fix existing unit tests 2022-08-04 10:51:44 +02:00
Jan Safranek
b2e18c0b20 Add metrics for SELinux context mount 
Add separate _errors and _warnings to capture volumes that were rejected
from those will be rejected when the feature is expanded to all access
mode.
 2022-08-04 10:51:43 +02:00
Jan Safranek
48b0751269 Add SELinux context tracking to volume manager 
Both ActualStateOfWorld and DesiredStateOfWorld must track SELinux context
of volume mounts.
 2022-08-04 10:51:41 +02:00
Kubernetes Prow Robot
442574f3a7
Merge pull request #111513 from jingxu97/july/localstorage 
Promote Local storage capacity isolation feature to GA
 2022-08-03 13:05:59 -07:00
Kubernetes Prow Robot
4b6134b6dc
Merge pull request #111090 from kinvolk/rata/userns-support-2022 
Add support for user namespaces phase 1 (KEP 127)
 2022-08-03 13:05:47 -07:00
Rodrigo Campos
138e80819e kubelet: set user namespace options 
Set the user namespace options to use for the pod.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
67b38ffe6e kubelet: propagate errors from namespacesForPod 
it is a preparatory change for the next commit.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
d07c2688fe kubelet: add GetHostIDsForPod() 
In future commits we will need this to set the user/group of supported
volumes of KEP 127 - Phase 1.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
9b2fc639a0 kubelet: add GetUserNamespaceMappings to RuntimeHelper 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
63462285d5 kubelet: add userns manager 
it is used to allocate and keep track of the unique users ranges
assigned to each pod that runs in a user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
jinxu
0064010cdd Promote Local storage capacity isolation feature to GA 
This change is to promote local storage capacity isolation feature to GA

At the same time, to allow rootless system disable this feature due to
unable to get root fs, this change introduced a new kubelet config
"localStorageCapacityIsolation". By default it is set to true. For
rootless systems, they can set this configuration to false to disable
the feature. Once it is set, user cannot set ephemeral-storage
request/limit because capacity and allocatable will not be set.

Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
 2022-08-02 23:45:48 -07:00
Vinay Kulkarni
007d93ad08 Handle UpdateContainerResources for Windows in v1alpha2 2022-08-02 15:31:00 -07:00
Vinay Kulkarni
0ef263c3b0 CRI changes to support implementation of in-place pod resize. 
KEP: /enhancements/keps/sig-node/1287-in-place-update-pod-resources
 2022-08-02 15:08:25 -07:00
Kubernetes Prow Robot
8f3b2813dc
Merge pull request #111642 from harche/evented_pleg_cri_changes 
Update CRI API to support Evented PLEG
 2022-08-02 13:59:16 -07:00
Kubernetes Prow Robot
369a465fae
Merge pull request #111301 from mattcary/migration-feature 
Upgrade CSIMigrationGCE feature gate to GA
 2022-08-02 13:58:57 -07:00
Kubernetes Prow Robot
9fb1f67af7
Merge pull request #111278 from arpitsardhana/master 
KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node
 2022-08-02 13:58:45 -07:00
Kubernetes Prow Robot
d40bc18461
Merge pull request #105126 from sallyom/tracing-kubelet 
kubelet tracing instrumentation
 2022-08-02 11:38:06 -07:00
Harshal Patil
668b2440c5 Update CRI API to support Evented PLEG 
Signed-off-by: Harshal Patil <harpatil@redhat.com>
 2022-08-03 00:01:13 +05:30
Arpit Singh
d92fd8392d Adding unit test for align-by-socket policy option 
Also addressed MR comments as part of same commit.
 2022-08-02 11:02:07 -07:00
Arpit Singh
06f347f645 Adding validity checks for topology manager align-by-socket 2022-08-02 11:02:07 -07:00
Arpit Singh
35849bf7fb KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node 2022-08-02 11:02:07 -07:00
Matthew Cary
e5d387c5d6 Upgrade CSIMigrationGCE feature gate to GA 
Change-Id: I620bc4913765c0d6562eb1008216a72e8b0a2970
 2022-08-02 09:14:27 -07:00
Michal Wozniak
04fcbd721c Introduction of a pod condition type indicating disruption. Its reason field indicates the reason: 
- PreemptionByKubeScheduler (Pod preempted by kube-scheduler)
- DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint)
- EvictionByEvictionAPI (Pod evicted by Eviction API)
- DeletionByPodGC (an orphaned Pod deleted by PodGC)PreemptedByScheduler (Pod preempted by kube-scheduler)
 2022-08-02 11:12:16 +02:00
Kubernetes Prow Robot
ea21947641
Merge pull request #111426 from ping035627/k8s-220726 
Update design-proposals URL
 2022-08-01 23:50:30 -07:00
PingWang
473be65a3c Update design-proposals URL 
Signed-off-by: PingWang <wang.ping5@zte.com.cn>

update url

Signed-off-by: PingWang <wang.ping5@zte.com.cn>
 2022-08-02 09:13:38 +08:00
Kubernetes Prow Robot
2e1a4da8df
Merge pull request #111358 from ddebroy/hasnet1 
Introduce PodHasNetwork condition for pods
 2022-08-01 15:04:52 -07:00
Kubernetes Prow Robot
acc64759f5
Merge pull request #111549 from claudiubelu/log-compression 
Fixes kubelet log compression on Windows
 2022-08-01 13:18:41 -07:00
Sally O'Malley
9e4e0bb48a
add runtime-service test with tracerProvider 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
 2022-08-01 12:55:21 -04:00
Sally O'Malley
0d558c51b5
add otelrestful restful.FilterFunction 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
 2022-08-01 12:55:19 -04:00
Sally O'Malley
7585aae1b4
kubelet-tracing:update 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
 2022-08-01 12:55:16 -04:00
Sally O'Malley
5b4456ceea
kubelet tracing: generated files 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
 2022-08-01 12:55:14 -04:00
Sally O'Malley
47e7d8034f
kubelet tracing 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: David Ashpole <dashpole@google.com>
 2022-08-01 12:55:02 -04:00
Deep Debroy
dfdf8245bb Introduce PodHasNetwork condition for pods 
Signed-off-by: Deep Debroy <ddebroy@gmail.com>
 2022-08-01 09:51:43 -07:00
Kubernetes Prow Robot
ef8e7c471e
Merge pull request #110291 from danwinship/kep-3178-iptables-cleanup-kubelet 
Implement KEP-3178 "iptables cleanup" in kubelet
 2022-08-01 07:50:40 -07:00
Sascha Grunert
584783ee9f
Partly remove support for seccomp annotations 
We now partly drop the support for seccomp annotations which is planned
for v1.25 as part of the KEP:

https://github.com/kubernetes/enhancements/issues/135

Pod security policies are not touched by this change and therefore we
have to keep the annotation key constants.

This means we only allow the usage of the annotations for backwards
compatibility reasons while the synchronization of the field to
annotation is no longer supported. Using the annotations for static pods
is also not supported any more.

Making the annotations fully non-functional will be deferred to a
future release.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2022-08-01 09:19:29 +02:00