Remove mentions about admission controllers from doc comments for PodGroupTemplate.Priority and PodGroupTemplate.PriorityClassName
Kubernetes-commit: 2a419be78ae256ef719071c6ae3bd46cb39b5b81
Updates golang.org/x/net to v0.55.1-0.20260602153038-42abb857022c to pick up
the go1.27 http2 "wrap" fixes:
- CL 782940 (golang/go#79642): configureServer registers the h2 and http/1.1
ALPN protocols on s.TLSConfig.
- CL 785900 (golang/go#79778): ConfigureTransport/ConfigureTransports enable
HTTP/2 on the transport and keep TLSClientConfig non-nil.
With both, the kube-apiserver secure-serving path and the client-go / apiserver
HTTP/2 clients negotiate HTTP/2 under go1.27 with no Kubernetes-side changes;
no workaround is needed.
Gerrit: https://go-review.googlesource.com/c/net/+/782940
Gerrit: https://go-review.googlesource.com/c/net/+/785900
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 544a4612cd73250f69e6a95f4b3de8b94112e594
Fixes ci-kubernetes-e2e-kind-golang-tip and ci-kubernetes-unit-golang-tip,
which started failing under Go tip identifying as go1.27 with:
vendor/google.golang.org/grpc/internal/transport/handler_server.go:271:18:
undefined: http2.TrailerPrefix
In x/net v0.54.0, TrailerPrefix was defined only in http2/server.go, which
carries `//go:build !(go1.27 && !http2legacy)` and is therefore excluded
under go1.27. Upstream golang/net commit 1efab4271a moved TrailerPrefix
(and other symbols accidentally dropped by the go1.27 server wrapper) into
common files. That fix is released in v0.55.0.
Tracked in https://github.com/kubernetes/kubernetes/issues/139257
Kubernetes-commit: d7c6b52ac4b6387d740af2fea7f1dd007d71c64c
Add a new field GenerateKey in the Config struct that allows
the user to set a custom function that would generate
a private key of their choice.
If the field is not set, the default remains:
    ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
Add unit tests for this code path, with key fixtures
and function overloading to avoid additional key generation.
Enforce minimum bits on the generated keys to ensure
they are secure with the function validateKeyStrength().
For RSA the minimum key size is 2048, for ECDSA the minimum
curve bits are 256. Unit test this function too.
Kubernetes-commit: dec94de30f90f7e7e2859701ffce79ef8b137e3d
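An added sketch of the behaviour this commit message describes, not the code from the commit: a key-generation hook with a P-256 default, followed by a strength check that uses the stated minimums. The names checkKeyStrength, generateChecked, p224 and rsa1024, the hook's signature, and the rejection of other key types are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// checkKeyStrength (hypothetical name) applies the minimums the commit states.
func checkKeyStrength(pub crypto.PublicKey) error {
	var bits, floor int
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits, floor = k.N.BitLen(), 2048 // RSA: size of the modulus
	case *ecdsa.PublicKey:
		bits, floor = k.Curve.Params().BitSize, 256 // ECDSA: size of the curve
	default: // assumption: key types without a stated minimum are refused
		return fmt.Errorf("unsupported key type %T", pub)
	}
	if bits < floor {
		return fmt.Errorf("%T: %d bits, minimum is %d", pub, bits, floor)
	}
	return nil
}

// generateChecked runs gen, or the P-256 default when gen is nil; no key is returned if it is too weak.
func generateChecked(gen func() (crypto.Signer, error)) (key crypto.Signer, err error) {
	if gen == nil {
		gen = func() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
	}
	if key, err = gen(); err == nil {
		err = checkKeyStrength(key.Public())
	}
	if err != nil {
		return nil, err
	}
	return key, nil
}

func p224() (crypto.Signer, error)    { return ecdsa.GenerateKey(elliptic.P224(), rand.Reader) } // weak on purpose
func rsa1024() (crypto.Signer, error) { return rsa.GenerateKey(rand.Reader, 1024) }              // weak on purpose

func main() {
	_, weakEC := generateChecked(p224)
	_, weakRSA := generateChecked(rsa1024)
	fmt.Println(weakEC, weakRSA)
}
```

Running the check on the public half after generation means a custom generator cannot lower the floor, whatever it does internally.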
This only changes tests to drop gopkg.in/check.v1, which helps our
dependency tree a little.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: edf0df348c217271f4ed7acee3b436c27e71df88
Updates k8s.io/kube-openapi across all staging modules and vendors the new
revision. Key changes upstream:
- builder/openapi.go, builder3/openapi.go: use common.EscapeJsonPointer()
when keying definition names into swagger.Definitions / spec.Components.Schemas,
fixing incorrect lookups for types whose names contain JSON-Pointer-reserved
characters (e.g. '/', '~').
- pkg/generators/apidefinitions/loader.go (new): LoadAPIVersion() reads an
apiversion.yaml from a source-tree directory and validates its TypeMeta,
providing a declarative way to describe API versions in-tree.
- pkg/generators/apidefinitions/types.go (new): APIVersion type that carries
the schemeGroupVersion / kindAPIVersion metadata consumed by the loader.
- pkg/generators/config.go, openapi.go, model_names.go: minor generator
improvements accompanying the apidefinitions loader addition.
- pkg/generators/rules/list_type_streaming_tags.go: streaming-tag rule fix.
- pkg/schemaconv/openapi.go, proto_models.go: schema conversion cleanups.
- pkg/validation/validate/result.go: validation result cleanup.
Previous version: v0.0.0-20260317180543-43fb72c5454a
New version: v0.0.0-20260502001324-b7f5293f4787
Kubernetes-commit: eaf347cecb168ee85fc77ffc9a5cda4eb99ce1ca
The v1.VolumeMount.MountPath doc claims the path must not contain
':', but the validator does not enforce this. The internal type in
pkg/apis/core/types.go carries no such constraint, and existing
TestValidateVolumeMounts success cases use mountPath values like "d:",
"F:", and "G:\mount".
This is a doc-only change. The validator is unchanged; the public doc
now matches what the validator actually accepts. Regenerated proto and
openapi snapshots to propagate the doc update.
Signed-off-by: Kimon N. <nkimon00@gmail.com>
Kubernetes-commit: 6691ecaf2f5ce3076f3c61eca5355cc99535d1bd
Bump go-openapi dependencies to latest versions:
- github.com/go-openapi/jsonpointer v0.21.0 → v0.22.4
- github.com/go-openapi/jsonreference v0.20.2 → v0.21.4
- github.com/go-openapi/swag v0.23.0 → v0.25.4
The new swag version has been restructured into a multi-module monorepo
with submodules (cmdutils, conv, fileutils, jsonname, jsonutils, loading,
mangling, netutils, stringutils, typeutils, yamlutils). As a result:
- mailru/easyjson and josharian/intern are no longer transitive deps
and have been removed from vendor
- go-openapi/jsonpointer and go-openapi/swag no longer reference
unwanted deps davecgh/go-spew, mailru/easyjson, or gopkg.in/yaml.v3
- Updated hack/unwanted-dependencies.json accordingly
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 693dc57f5753ce69f7d3f49f26bfefc9554e47e6
Fixes CVE-2026-33814 (golang/go#78476): HTTP/2 Transport hangs
indefinitely when a peer sends a SETTINGS frame with MaxFrameSize=0.
This is reachable from kube-apiserver's OIDC, admission webhook,
and aggregated API client paths.
Kubernetes-commit: 12a2470693d86f63f4614048ffdd43dc393dd7e0
Add a separate AnnotatedEventRecorder interface with an AnnotatedEventf
method that allows attaching annotations to events at creation time.
Implement it in recorderImpl, FakeRecorder, and EventRecorderAdapter.
Add a Verbose option to FakeRecorder that optionally includes action,
object kind/apiVersion, and annotations in event output. The default
format is unchanged.
Signed-off-by: Adrian Fernandez De La Torre <adri1197@gmail.com>
Kubernetes-commit: 31fe350b2b2065b49752adb4f68f1ea1c282058e
When CEL expressions access non-existent map keys, add a helpful hint
suggesting optional chaining (.? followed by orValue()) or has() macro.
Kubernetes-commit: 5e2d5b9a621109bd89f2dbc4092e0123ab500c85
Clean up and update the OWNERS files under client-go so people who
are no longer active are moved to emeritus.
Kubernetes-commit: d4913ecba2f3c426257515c1de6c668d21ea7079
Introduce the ResourcePoolStatusRequest resource type in the
resource.k8s.io/v1alpha3 API group, gated behind the
DRAResourcePoolStatus feature gate. This includes external and internal
type definitions, protobuf/OpenAPI generated code, client-go typed
clients, informers, listers, apply configurations, deepcopy, defaults,
conversion, fuzzer, declarative validation tags, and API discovery
metadata.
Kubernetes-commit: 29601b8628ac8ea512960bc373511ae46888e502
Bump k8s.io/kube-openapi to pick up kubernetes/kube-openapi#579 which
moved the last ginkgo/gomega tests to stdlib testing and ran go mod
tidy, removing ginkgo/gomega from kube-openapi's go.mod.
This drops ginkgo/gomega as indirect deps from apimachinery. It also
prunes Masterminds/semver, google/pprof, and golang.org/x/tools from
client-go and other staging modules where they were only needed
through kube-openapi's ginkgo/gomega chain.
Contributes to kubernetes/kubernetes#127888
Kubernetes-commit: 56cd74d879f1ba11aadcff95326f17a1cc2c82ef
KEP-5732: Add SchedulingConstraints to PodGroup API and use them in TopologyPlacement plugin
Kubernetes-commit: 299ab0d68a9d70b3c39d63210de47ac01d18e74b
The "Failed to update lease optimistically, falling back to slow path"
message was logged at Error level, but this is expected behavior during
normal leader election when the optimistic update encounters a conflict.
The system gracefully falls back to the slow path (Get + Update), so
this is not a real error. Downgrade to V(2) Info to reduce log noise.
Kubernetes-commit: 04977a0ea4592bfaa70d5095a4cfe99dd4b847e1
Add plugin to generate placements based on scheduling constraints
Co-authored-by: Antoni Zawodny <zawodny@google.com>
Kubernetes-commit: d9da8c7c4a25cee553720737fdec07006e063da1
cri streaming option a hardcut - add new staging repositories `streaming` and `cri-streaming`
Kubernetes-commit: 2bd6c7fe3cb8663804dc6e7672ff01aeebc97274
* Drop WorkloadRef field and introduce SchedulingGroup field in Pod API
* Introduce v1alpha2 Workload and PodGroup APIs, drop v1alpha1 Workload API
Co-authored-by: yongruilin <yongrlin@outlook.com>
* Run hack/update-codegen.sh
* Adjust kube-scheduler code and integration tests to v1alpha2 API
* Drop v1alpha1 scheduling API group and run make update
---------
Co-authored-by: yongruilin <yongrlin@outlook.com>
Kubernetes-commit: 3f094dc228318b89f1fef313543b960e35ca6e3e
klog hasn't been updated in Kubernetes for a few releases. Several
enhancements have accumulated that are worth having.
Kubernetes-commit: 56e0565c113107bdea398b075aba5bdef43489ed
Update google.golang.org/protobuf to v1.36.12-0.20260120151049-f2248ac996af to prevent file size explosion in go 1.26
Kubernetes-commit: 77c013637cb40e1b5d2b26664dc7b297f1ff2693
When watch.Broadcaster.Shutdown() is called it drains all queued events
then calls closeAll(), which closes every watcher's result channel.
eventBroadcasterImpl.Shutdown() calls Broadcaster.Shutdown() first,
then calls the cancellation context's cancel() function. Between those
two steps there is a window in which the result channel is closed while
the cancellation context is still live.
Without the two-value channel receive the goroutine in StartEventWatcher
would spin on the already-closed channel: each select iteration
immediately receives the zero-value watch.Event, the type assertion
fails (nil interface, ok == false), and the loop continues burning CPU
until the select scheduler eventually picks the cancelationCtx.Done()
case.
Guard against this by reading the ok boolean from the channel receive:
    case watchEvent, ok := <-watcher.ResultChan():
        if !ok {
            return
        }
This is the correct and idiomatic Go pattern for a channel that may be
closed by its producer. Note that when this return path is taken the
broadcaster has already delivered every queued event (Broadcaster.Shutdown
blocks until the distribute loop exits before closeAll runs), so no
events are silently dropped.
Add a regression test (TestStartEventWatcherExitsOnDirectShutdown) that
creates a broadcaster without an external context so Shutdown() is
fully synchronous, starts a watcher, and verifies the goroutine exits
cleanly via goleak.VerifyNone.
Signed-off-by: Rajneesh180 <rajneeshrehsaan48@gmail.com>
Kubernetes-commit: 95c15b54069922b0a66c198a064577ea0a160694
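An added, self-contained model of the shutdown window described in this commit message, not the client-go code itself: it counts how many loop iterations are wasted on a closed channel with and without the two-value receive. The event type, watchLoop, shutdownWindow and the 50 ms window are assumptions made for the demonstration.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// event is a simplified stand-in for watch.Event (assumption for this example).
type event struct{ Object any }

// watchLoop models the receive loop. With guard set it returns as soon as the
// producer closes the channel; without it, each receive yields a zero value.
func watchLoop(ctx context.Context, results <-chan event, guard bool) (handled, spins int) {
	for {
		select {
		case ev, open := <-results:
			if guard && !open {
				return handled, spins
			}
			if _, ok := ev.Object.(string); !ok {
				spins++ // nil Object: the type assertion fails, nothing is handled
				continue
			}
			handled++
		case <-ctx.Done():
			return handled, spins
		}
	}
}

// shutdownWindow queues two constructed events, closes the channel as closeAll()
// would, and leaves the context live for 50 ms before it is cancelled.
func shutdownWindow(guard bool) (handled, spins int) {
	results := make(chan event, 2)
	results <- event{Object: "constructed event 1"}
	results <- event{Object: "constructed event 2"}
	close(results)
	ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
	defer cancel()
	return watchLoop(ctx, results, guard)
}

func main() {
	for _, guard := range []bool{false, true} {
		handled, spins := shutdownWindow(guard)
		fmt.Printf("guard=%v handled=%d wasted iterations=%d\n", guard, handled, spins)
	}
}
```

Both variants handle the two queued events, because a closed channel still delivers what was buffered before it reports closure; only the unguarded loop keeps iterating afterwards.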
[Declarative Validation] Bring `k8s:maxLength` tag in line with OpenAPI `maxLength` validation semantics
Kubernetes-commit: e08e598df07bc929679ef046418992a8205da18f
* Promote MutableCSINodeAllocatableCount to GA
Signed-off-by: Eddie Torres <torredil@amazon.com>
* Lock MutableCSINodeAllocatableCount feature gate to default
Signed-off-by: Eddie Torres <torredil@amazon.com>
---------
Signed-off-by: Eddie Torres <torredil@amazon.com>
Kubernetes-commit: 41bb4b6a8b4e0f15ab7ffcc6369c68bc599fb957
The change introduced in 59cd1d0b3bb378f40a639e21b615f4df1d4a5a14
causes PollUntilContextTimeout to call the condition function even when
the context is canceled already. This is unnecessary in our case and
only leads to one extra loop of processing and extra error messages.
This change makes the renew loop behave like it did before the change.
Kubernetes-commit: aa494f8174d745c3d9842f3d48272a3c2d6dcbcc
In practice, TimeAdded is managed by the API server. When admins use
DeviceTaintRule to simulate eviction, then change the effect to really evict,
it is useful to calculate tolerations based on the time when that second
update happened. Therefore the TimeAdded field gets bumped automatically
when changing the effect.
Kubernetes-commit: f28dc4139208e64fe2882cd44d548c25020f2e3a
The error returned from Until() is solely from context cancellation
which is expected behavior when the reflector is stopped. Logging
this as an error (or even at V(4)) creates unnecessary noise.
Kubernetes-commit: cc483208aa306b8c4078d4118cf78a10e58481ec
It's GA now. To regenerate the files I did:
    make WHAT=cmd/kube-apiserver
    make update
While we are there, remove the reference that the field is alpha.
Signed-off-by: Rodrigo Campos <rodrigo@amutable.com>
Kubernetes-commit: 8db51091e82490bccc0018763ba7e05ffb8ab458
This is just a sed to remove the old data from the text fixtures too.
While two files are clearly test data given that they include testdata
in their name, these two are not so obvious but are also test data:
* openapi/swagger-with-shared-parameters.json: is referenced in "staging/src/k8s.io/cli-runtime/pkg/resource/query_param_verifier_test.go",
in particular in this part: `filepath.Join("..", "..", "artifacts", "openapi", "swagger-with-shared-parameters.json")`
* batch.k8s.io_v1.json: is in
`staging/src/k8s.io/kubectl/pkg/explain/v2/templates/plaintext_test.go`,
in a "//go:embed batch.k8s.io_v1.json".
Signed-off-by: Rodrigo Campos <rodrigo@amutable.com>
Kubernetes-commit: 8d0f80e4ed87658c0e05b9db0690927547be6ad5
When debugging, it helps to keep output from different connections
separate. This can be done with contextual logging and using different loggers
for each connection.
Cancellation is handled separately for requests. Therefore the new APIs only
add support for passing a logger instance.
Kubernetes-commit: a325a4223395dfa71005b8e5dd8ea60bd91d9329
2024-12-04 15:21:11 +01:00
395 changed files with 8507 additions and 3029 deletions
// spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
// NodeAllocatableResourceClaimStatusApplyConfiguration constructs a declarative configuration of the NodeAllocatableResourceClaimStatus type for use with
@@ -162,7 +162,7 @@ type VolumeSourceApplyConfiguration struct {
// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
// The volume will be mounted read-only (ro) and non-executable files (noexec).
// The volume will be mounted read-only (ro).
// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
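Review bot: the mount-options sentence in this comment appears in two forms, "read-only (ro) and non-executable files (noexec)" and "read-only (ro)", and nothing in the comment says why the noexec clause differs or from which release. noexec is a security-relevant mount property, so the doc should state explicitly whether files in the volume can be executed, and if that depends on the version, qualify it the way the sub path line already does with "before 1.33".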
// addressType specifies the type of address carried by this EndpointSlice.
Some files were not shown because too many files have changed in this diff