diff --git a/api/api-rules/violation_exceptions.list b/api/api-rules/violation_exceptions.list index 278b6f8a8c4..d65befb0fd9 100644 --- a/api/api-rules/violation_exceptions.list +++ b/api/api-rules/violation_exceptions.list @@ -349,6 +349,10 @@ API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1beta2,Exten API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1beta3,ExtenderTLSConfig,CAData API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1beta3,ExtenderTLSConfig,CertData API rule violation: list_type_missing,k8s.io/kube-scheduler/config/v1beta3,ExtenderTLSConfig,KeyData +API rule violation: list_type_missing,k8s.io/kubelet/config/v1,CredentialProvider,Args +API rule violation: list_type_missing,k8s.io/kubelet/config/v1,CredentialProvider,Env +API rule violation: list_type_missing,k8s.io/kubelet/config/v1,CredentialProvider,MatchImages +API rule violation: list_type_missing,k8s.io/kubelet/config/v1,CredentialProviderConfig,Providers API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,Args API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,Env API rule violation: list_type_missing,k8s.io/kubelet/config/v1alpha1,CredentialProvider,MatchImages diff --git a/hack/.import-aliases b/hack/.import-aliases index ea5bbde09b0..49843e89333 100644 --- a/hack/.import-aliases +++ b/hack/.import-aliases @@ -45,6 +45,7 @@ "k8s.io/kubelet/apis/stats/v1alpha1": "kubeletstatsv1alpha1", "k8s.io/kubernetes/pkg/controller/apis/config/v1alpha1": "controllerconfigv1alpha1", "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1": "kubeletconfigv1beta1", + "k8s.io/kubernetes/pkg/kubelet/apis/config/v1": "kubeletconfigv1", "k8s.io/kubelet/pkg/apis/deviceplugin/v1alpha": "kubeletdevicepluginv1alpha", "k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1": "kubeletdevicepluginv1beta1", "k8s.io/kubelet/pkg/apis/pluginregistration/v1": "kubeletpluginregistrationv1", diff --git a/pkg/credentialprovider/plugin/config_test.go b/pkg/credentialprovider/plugin/config_test.go index 6e6ef0f57d4..940109cc44d 100644 --- a/pkg/credentialprovider/plugin/config_test.go +++ b/pkg/credentialprovider/plugin/config_test.go @@ -229,6 +229,52 @@ providers: }, }, }, + { + name: "v1 config with multiple providers", + configData: `--- +kind: CredentialProviderConfig +apiVersion: kubelet.config.k8s.io/v1 +providers: + - name: test1 + matchImages: + - "registry.io/one" + defaultCacheDuration: 10m + apiVersion: credentialprovider.kubelet.k8s.io/v1 + - name: test2 + matchImages: + - "registry.io/two" + defaultCacheDuration: 10m + apiVersion: credentialprovider.kubelet.k8s.io/v1 + args: + - --v=5 + env: + - name: FOO + value: BAR`, + + config: &kubeletconfig.CredentialProviderConfig{ + Providers: []kubeletconfig.CredentialProvider{ + { + Name: "test1", + MatchImages: []string{"registry.io/one"}, + DefaultCacheDuration: &metav1.Duration{Duration: 10 * time.Minute}, + APIVersion: "credentialprovider.kubelet.k8s.io/v1", + }, + { + Name: "test2", + MatchImages: []string{"registry.io/two"}, + DefaultCacheDuration: &metav1.Duration{Duration: 10 * time.Minute}, + APIVersion: "credentialprovider.kubelet.k8s.io/v1", + Args: []string{"--v=5"}, + Env: []kubeletconfig.ExecEnvVar{ + { + Name: "FOO", + Value: "BAR", + }, + }, + }, + }, + }, + }, { name: "config with wrong Kind", configData: `--- diff --git a/pkg/credentialprovider/plugin/plugin.go b/pkg/credentialprovider/plugin/plugin.go index 5e6db98b465..dc458634eeb 100644 --- a/pkg/credentialprovider/plugin/plugin.go +++ b/pkg/credentialprovider/plugin/plugin.go @@ -38,10 +38,12 @@ import ( "k8s.io/klog/v2" credentialproviderapi "k8s.io/kubelet/pkg/apis/credentialprovider" "k8s.io/kubelet/pkg/apis/credentialprovider/install" + credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1" credentialproviderv1alpha1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1" credentialproviderv1beta1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1" "k8s.io/kubernetes/pkg/credentialprovider" kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config" + kubeletconfigv1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1" kubeletconfigv1alpha1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1alpha1" kubeletconfigv1beta1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1" "k8s.io/utils/clock" @@ -59,6 +61,7 @@ var ( apiVersions = map[string]schema.GroupVersion{ credentialproviderv1alpha1.SchemeGroupVersion.String(): credentialproviderv1alpha1.SchemeGroupVersion, credentialproviderv1beta1.SchemeGroupVersion.String(): credentialproviderv1beta1.SchemeGroupVersion, + credentialproviderv1.SchemeGroupVersion.String(): credentialproviderv1.SchemeGroupVersion, } ) @@ -67,6 +70,7 @@ func init() { kubeletconfig.AddToScheme(scheme) kubeletconfigv1alpha1.AddToScheme(scheme) kubeletconfigv1beta1.AddToScheme(scheme) + kubeletconfigv1.AddToScheme(scheme) } // RegisterCredentialProviderPlugins is called from kubelet to register external credential provider diff --git a/pkg/credentialprovider/plugin/plugin_test.go b/pkg/credentialprovider/plugin/plugin_test.go index 68d0bee804c..1f02992b11d 100644 --- a/pkg/credentialprovider/plugin/plugin_test.go +++ b/pkg/credentialprovider/plugin/plugin_test.go @@ -30,6 +30,7 @@ import ( "k8s.io/apimachinery/pkg/util/rand" "k8s.io/client-go/tools/cache" credentialproviderapi "k8s.io/kubelet/pkg/apis/credentialprovider" + credentialproviderv1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1" credentialproviderv1alpha1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1" credentialproviderv1beta1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1" "k8s.io/kubernetes/pkg/credentialprovider" @@ -432,6 +433,16 @@ func Test_encodeRequest(t *testing.T) { Image: "test.registry.io/foobar", }, expectedData: []byte(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1beta1","image":"test.registry.io/foobar"} +`), + expectedErr: false, + }, + { + name: "successful with v1", + apiVersion: credentialproviderv1.SchemeGroupVersion, + request: &credentialproviderapi.CredentialProviderRequest{ + Image: "test.registry.io/foobar", + }, + expectedData: []byte(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1","image":"test.registry.io/foobar"} `), expectedErr: false, }, @@ -474,6 +485,23 @@ func Test_decodeResponse(t *testing.T) { expectedResponse *credentialproviderapi.CredentialProviderResponse expectedErr bool }{ + { + name: "success with v1", + data: []byte(`{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1","cacheKeyType":"Registry","cacheDuration":"1m","auth":{"*.registry.io":{"username":"user","password":"password"}}}`), + expectedResponse: &credentialproviderapi.CredentialProviderResponse{ + CacheKeyType: credentialproviderapi.RegistryPluginCacheKeyType, + CacheDuration: &metav1.Duration{ + Duration: time.Minute, + }, + Auth: map[string]credentialproviderapi.AuthConfig{ + "*.registry.io": { + Username: "user", + Password: "password", + }, + }, + }, + expectedErr: false, + }, { name: "success with v1beta1", data: []byte(`{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1beta1","cacheKeyType":"Registry","cacheDuration":"1m","auth":{"*.registry.io":{"username":"user","password":"password"}}}`), diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 5a0dbd7e81a..e375e9c820b 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -485,6 +485,7 @@ const ( // owner: @andrewsykim @adisky // alpha: v1.20 // beta: v1.24 + // ga: v1.25 // // Enable kubelet exec plugins for image pull credentials. KubeletCredentialProviders featuregate.Feature = "KubeletCredentialProviders" @@ -1019,7 +1020,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS JobTrackingWithFinalizers: {Default: true, PreRelease: featuregate.Beta}, - KubeletCredentialProviders: {Default: true, PreRelease: featuregate.Beta}, + KubeletCredentialProviders: {Default: true, PreRelease: featuregate.GA}, KubeletInUserNamespace: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/pkg/kubelet/apis/config/scheme/scheme.go b/pkg/kubelet/apis/config/scheme/scheme.go index 0a5ae0b5eea..a8120b5436c 100644 --- a/pkg/kubelet/apis/config/scheme/scheme.go +++ b/pkg/kubelet/apis/config/scheme/scheme.go @@ -20,6 +20,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config" + kubeletconfigv1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1" kubeletconfigv1beta1 "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1" ) @@ -36,6 +37,9 @@ func NewSchemeAndCodecs(mutators ...serializer.CodecFactoryOptionsMutator) (*run if err := kubeletconfigv1beta1.AddToScheme(scheme); err != nil { return nil, nil, err } + if err := kubeletconfigv1.AddToScheme(scheme); err != nil { + return nil, nil, err + } codecs := serializer.NewCodecFactory(scheme, mutators...) return scheme, &codecs, nil } diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go index 0ec23416fab..dbe52a1bd70 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -595,6 +595,7 @@ type CredentialProvider struct { // MUST use the same encoding version as the input. Current supported values are: // - credentialprovider.kubelet.k8s.io/v1alpha1 // - credentialprovider.kubelet.k8s.io/v1beta1 + // - credentialprovider.kubelet.k8s.io/v1 APIVersion string // Arguments to pass to the command when executing it. diff --git a/pkg/kubelet/apis/config/v1/doc.go b/pkg/kubelet/apis/config/v1/doc.go new file mode 100644 index 00000000000..f4a6f4a6d4f --- /dev/null +++ b/pkg/kubelet/apis/config/v1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2022 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=k8s.io/kubernetes/pkg/kubelet/apis/config +// +k8s:conversion-gen-external-types=k8s.io/kubelet/config/v1 +// +k8s:defaulter-gen=TypeMeta +// +k8s:defaulter-gen-input=k8s.io/kubelet/config/v1 +// +groupName=kubelet.config.k8s.io + +package v1 // import "k8s.io/kubernetes/pkg/kubelet/apis/config/v1" diff --git a/pkg/kubelet/apis/config/v1/register.go b/pkg/kubelet/apis/config/v1/register.go new file mode 100644 index 00000000000..ec933333914 --- /dev/null +++ b/pkg/kubelet/apis/config/v1/register.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 The Kubernetes Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + kubeletconfigv1 "k8s.io/kubelet/config/v1" +) + +// GroupName is the group name used in this package +const GroupName = "kubelet.config.k8s.io" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + +var ( + // localSchemeBuilder extends the SchemeBuilder instance with the external types. In this package, + // defaulting and conversion init funcs are registered as well. + localSchemeBuilder = &kubeletconfigv1.SchemeBuilder + // AddToScheme is a global function that registers this API group & version to a scheme + AddToScheme = localSchemeBuilder.AddToScheme +) diff --git a/pkg/kubelet/apis/config/v1/zz_generated.conversion.go b/pkg/kubelet/apis/config/v1/zz_generated.conversion.go new file mode 100644 index 00000000000..8c6ac6e0468 --- /dev/null +++ b/pkg/kubelet/apis/config/v1/zz_generated.conversion.go @@ -0,0 +1,144 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1 + +import ( + unsafe "unsafe" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + v1 "k8s.io/kubelet/config/v1" + config "k8s.io/kubernetes/pkg/kubelet/apis/config" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*v1.CredentialProvider)(nil), (*config.CredentialProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_CredentialProvider_To_config_CredentialProvider(a.(*v1.CredentialProvider), b.(*config.CredentialProvider), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*config.CredentialProvider)(nil), (*v1.CredentialProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_CredentialProvider_To_v1_CredentialProvider(a.(*config.CredentialProvider), b.(*v1.CredentialProvider), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.CredentialProviderConfig)(nil), (*config.CredentialProviderConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_CredentialProviderConfig_To_config_CredentialProviderConfig(a.(*v1.CredentialProviderConfig), b.(*config.CredentialProviderConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*config.CredentialProviderConfig)(nil), (*v1.CredentialProviderConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_CredentialProviderConfig_To_v1_CredentialProviderConfig(a.(*config.CredentialProviderConfig), b.(*v1.CredentialProviderConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.ExecEnvVar)(nil), (*config.ExecEnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_ExecEnvVar_To_config_ExecEnvVar(a.(*v1.ExecEnvVar), b.(*config.ExecEnvVar), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*config.ExecEnvVar)(nil), (*v1.ExecEnvVar)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_config_ExecEnvVar_To_v1_ExecEnvVar(a.(*config.ExecEnvVar), b.(*v1.ExecEnvVar), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1_CredentialProvider_To_config_CredentialProvider(in *v1.CredentialProvider, out *config.CredentialProvider, s conversion.Scope) error { + out.Name = in.Name + out.MatchImages = *(*[]string)(unsafe.Pointer(&in.MatchImages)) + out.DefaultCacheDuration = (*metav1.Duration)(unsafe.Pointer(in.DefaultCacheDuration)) + out.APIVersion = in.APIVersion + out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) + out.Env = *(*[]config.ExecEnvVar)(unsafe.Pointer(&in.Env)) + return nil +} + +// Convert_v1_CredentialProvider_To_config_CredentialProvider is an autogenerated conversion function. +func Convert_v1_CredentialProvider_To_config_CredentialProvider(in *v1.CredentialProvider, out *config.CredentialProvider, s conversion.Scope) error { + return autoConvert_v1_CredentialProvider_To_config_CredentialProvider(in, out, s) +} + +func autoConvert_config_CredentialProvider_To_v1_CredentialProvider(in *config.CredentialProvider, out *v1.CredentialProvider, s conversion.Scope) error { + out.Name = in.Name + out.MatchImages = *(*[]string)(unsafe.Pointer(&in.MatchImages)) + out.DefaultCacheDuration = (*metav1.Duration)(unsafe.Pointer(in.DefaultCacheDuration)) + out.APIVersion = in.APIVersion + out.Args = *(*[]string)(unsafe.Pointer(&in.Args)) + out.Env = *(*[]v1.ExecEnvVar)(unsafe.Pointer(&in.Env)) + return nil +} + +// Convert_config_CredentialProvider_To_v1_CredentialProvider is an autogenerated conversion function. +func Convert_config_CredentialProvider_To_v1_CredentialProvider(in *config.CredentialProvider, out *v1.CredentialProvider, s conversion.Scope) error { + return autoConvert_config_CredentialProvider_To_v1_CredentialProvider(in, out, s) +} + +func autoConvert_v1_CredentialProviderConfig_To_config_CredentialProviderConfig(in *v1.CredentialProviderConfig, out *config.CredentialProviderConfig, s conversion.Scope) error { + out.Providers = *(*[]config.CredentialProvider)(unsafe.Pointer(&in.Providers)) + return nil +} + +// Convert_v1_CredentialProviderConfig_To_config_CredentialProviderConfig is an autogenerated conversion function. +func Convert_v1_CredentialProviderConfig_To_config_CredentialProviderConfig(in *v1.CredentialProviderConfig, out *config.CredentialProviderConfig, s conversion.Scope) error { + return autoConvert_v1_CredentialProviderConfig_To_config_CredentialProviderConfig(in, out, s) +} + +func autoConvert_config_CredentialProviderConfig_To_v1_CredentialProviderConfig(in *config.CredentialProviderConfig, out *v1.CredentialProviderConfig, s conversion.Scope) error { + out.Providers = *(*[]v1.CredentialProvider)(unsafe.Pointer(&in.Providers)) + return nil +} + +// Convert_config_CredentialProviderConfig_To_v1_CredentialProviderConfig is an autogenerated conversion function. +func Convert_config_CredentialProviderConfig_To_v1_CredentialProviderConfig(in *config.CredentialProviderConfig, out *v1.CredentialProviderConfig, s conversion.Scope) error { + return autoConvert_config_CredentialProviderConfig_To_v1_CredentialProviderConfig(in, out, s) +} + +func autoConvert_v1_ExecEnvVar_To_config_ExecEnvVar(in *v1.ExecEnvVar, out *config.ExecEnvVar, s conversion.Scope) error { + out.Name = in.Name + out.Value = in.Value + return nil +} + +// Convert_v1_ExecEnvVar_To_config_ExecEnvVar is an autogenerated conversion function. +func Convert_v1_ExecEnvVar_To_config_ExecEnvVar(in *v1.ExecEnvVar, out *config.ExecEnvVar, s conversion.Scope) error { + return autoConvert_v1_ExecEnvVar_To_config_ExecEnvVar(in, out, s) +} + +func autoConvert_config_ExecEnvVar_To_v1_ExecEnvVar(in *config.ExecEnvVar, out *v1.ExecEnvVar, s conversion.Scope) error { + out.Name = in.Name + out.Value = in.Value + return nil +} + +// Convert_config_ExecEnvVar_To_v1_ExecEnvVar is an autogenerated conversion function. +func Convert_config_ExecEnvVar_To_v1_ExecEnvVar(in *config.ExecEnvVar, out *v1.ExecEnvVar, s conversion.Scope) error { + return autoConvert_config_ExecEnvVar_To_v1_ExecEnvVar(in, out, s) +} diff --git a/pkg/kubelet/apis/config/v1/zz_generated.deepcopy.go b/pkg/kubelet/apis/config/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..87181b43048 --- /dev/null +++ b/pkg/kubelet/apis/config/v1/zz_generated.deepcopy.go @@ -0,0 +1,22 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 diff --git a/pkg/kubelet/apis/config/v1/zz_generated.defaults.go b/pkg/kubelet/apis/config/v1/zz_generated.defaults.go new file mode 100644 index 00000000000..dac177e93bd --- /dev/null +++ b/pkg/kubelet/apis/config/v1/zz_generated.defaults.go @@ -0,0 +1,33 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/staging/src/k8s.io/kubelet/config/v1/doc.go b/staging/src/k8s.io/kubelet/config/v1/doc.go index 5644377d6c8..27df1a2441a 100644 --- a/staging/src/k8s.io/kubelet/config/v1/doc.go +++ b/staging/src/k8s.io/kubelet/config/v1/doc.go @@ -18,4 +18,4 @@ limitations under the License. // +k8s:openapi-gen=true // +groupName=kubelet.config.k8s.io -package v1beta1 // import "k8s.io/kubelet/config/v1beta1" +package v1 // import "k8s.io/kubelet/config/v1" diff --git a/staging/src/k8s.io/kubelet/config/v1/register.go b/staging/src/k8s.io/kubelet/config/v1/register.go index 22bdfbb4cba..5d7a8e8a21f 100644 --- a/staging/src/k8s.io/kubelet/config/v1/register.go +++ b/staging/src/k8s.io/kubelet/config/v1/register.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package v1 import ( "k8s.io/apimachinery/pkg/runtime" @@ -25,7 +25,7 @@ import ( const GroupName = "kubelet.config.k8s.io" // SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} var ( // SchemeBuilder is the scheme builder with scheme init functions to run for this API package @@ -37,8 +37,6 @@ var ( // addKnownTypes registers known types to the given scheme func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &KubeletConfiguration{}, - &SerializedNodeConfigSource{}, &CredentialProviderConfig{}, ) return nil diff --git a/staging/src/k8s.io/kubelet/config/v1/register_test.go b/staging/src/k8s.io/kubelet/config/v1/register_test.go index 7e45b544602..188b62a259d 100644 --- a/staging/src/k8s.io/kubelet/config/v1/register_test.go +++ b/staging/src/k8s.io/kubelet/config/v1/register_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package v1 import ( "testing" diff --git a/staging/src/k8s.io/kubelet/config/v1/types.go b/staging/src/k8s.io/kubelet/config/v1/types.go index 2504f2aa253..1b59a7d8dc6 100644 --- a/staging/src/k8s.io/kubelet/config/v1/types.go +++ b/staging/src/k8s.io/kubelet/config/v1/types.go @@ -1,5 +1,5 @@ /* -Copyright 2017 The Kubernetes Authors. +Copyright 2022 The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,882 +14,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package v1 import ( - v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - logsapi "k8s.io/component-base/logs/api/v1" ) -// HairpinMode denotes how the kubelet should configure networking to handle -// hairpin packets. -type HairpinMode string - -// Enum settings for different ways to handle hairpin packets. -const ( - // Set the hairpin flag on the veth of containers in the respective - // container runtime. - HairpinVeth = "hairpin-veth" - // Make the container bridge promiscuous. This will force it to accept - // hairpin packets, even if the flag isn't set on ports of the bridge. - PromiscuousBridge = "promiscuous-bridge" - // Neither of the above. If the kubelet is started in this hairpin mode - // and kube-proxy is running in iptables mode, hairpin packets will be - // dropped by the container bridge. - HairpinNone = "none" -) - -// ResourceChangeDetectionStrategy denotes a mode in which internal -// managers (secret, configmap) are discovering object changes. -type ResourceChangeDetectionStrategy string - -// Enum settings for different strategies of kubelet managers. -const ( - // GetChangeDetectionStrategy is a mode in which kubelet fetches - // necessary objects directly from apiserver. - GetChangeDetectionStrategy ResourceChangeDetectionStrategy = "Get" - // TTLCacheChangeDetectionStrategy is a mode in which kubelet uses - // ttl cache for object directly fetched from apiserver. - TTLCacheChangeDetectionStrategy ResourceChangeDetectionStrategy = "Cache" - // WatchChangeDetectionStrategy is a mode in which kubelet uses - // watches to observe changes to objects that are in its interest. - WatchChangeDetectionStrategy ResourceChangeDetectionStrategy = "Watch" - // RestrictedTopologyManagerPolicy is a mode in which kubelet only allows - // pods with optimal NUMA node alignment for requested resources - RestrictedTopologyManagerPolicy = "restricted" - // BestEffortTopologyManagerPolicy is a mode in which kubelet will favour - // pods with NUMA alignment of CPU and device resources. - BestEffortTopologyManagerPolicy = "best-effort" - // NoneTopologyManagerPolicy is a mode in which kubelet has no knowledge - // of NUMA alignment of a pod's CPU and device resources. - NoneTopologyManagerPolicy = "none" - // SingleNumaNodeTopologyManagerPolicy is a mode in which kubelet only allows - // pods with a single NUMA alignment of CPU and device resources. - SingleNumaNodeTopologyManagerPolicy = "single-numa-node" - // ContainerTopologyManagerScope represents that - // topology policy is applied on a per-container basis. - ContainerTopologyManagerScope = "container" - // PodTopologyManagerScope represents that - // topology policy is applied on a per-pod basis. - PodTopologyManagerScope = "pod" - // NoneMemoryManagerPolicy is a memory manager none policy, under the none policy - // the memory manager will not pin containers memory of guaranteed pods - NoneMemoryManagerPolicy = "None" - // StaticMemoryManagerPolicy is a memory manager static policy, under the static policy - // the memory manager will try to pin containers memory of guaranteed pods to the smallest - // possible sub-set of NUMA nodes - StaticMemoryManagerPolicy = "Static" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// KubeletConfiguration contains the configuration for the Kubelet -type KubeletConfiguration struct { - metav1.TypeMeta `json:",inline"` - - // enableServer enables Kubelet's secured server. - // Note: Kubelet's insecure port is controlled by the readOnlyPort option. - // Default: true - EnableServer *bool `json:"enableServer,omitempty"` - // staticPodPath is the path to the directory containing local (static) pods to - // run, or the path to a single static pod file. - // Default: "" - // +optional - StaticPodPath string `json:"staticPodPath,omitempty"` - // syncFrequency is the max period between synchronizing running - // containers and config. - // Default: "1m" - // +optional - SyncFrequency metav1.Duration `json:"syncFrequency,omitempty"` - // fileCheckFrequency is the duration between checking config files for - // new data. - // Default: "20s" - // +optional - FileCheckFrequency metav1.Duration `json:"fileCheckFrequency,omitempty"` - // httpCheckFrequency is the duration between checking http for new data. - // Default: "20s" - // +optional - HTTPCheckFrequency metav1.Duration `json:"httpCheckFrequency,omitempty"` - // staticPodURL is the URL for accessing static pods to run. - // Default: "" - // +optional - StaticPodURL string `json:"staticPodURL,omitempty"` - // staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL. - // Default: nil - // +optional - StaticPodURLHeader map[string][]string `json:"staticPodURLHeader,omitempty"` - // address is the IP address for the Kubelet to serve on (set to 0.0.0.0 - // for all interfaces). - // Default: "0.0.0.0" - // +optional - Address string `json:"address,omitempty"` - // port is the port for the Kubelet to serve on. - // The port number must be between 1 and 65535, inclusive. - // Default: 10250 - // +optional - Port int32 `json:"port,omitempty"` - // readOnlyPort is the read-only port for the Kubelet to serve on with - // no authentication/authorization. - // The port number must be between 1 and 65535, inclusive. - // Setting this field to 0 disables the read-only service. - // Default: 0 (disabled) - // +optional - ReadOnlyPort int32 `json:"readOnlyPort,omitempty"` - // tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert, - // if any, concatenated after server cert). If tlsCertFile and - // tlsPrivateKeyFile are not provided, a self-signed certificate - // and key are generated for the public address and saved to the directory - // passed to the Kubelet's --cert-dir flag. - // Default: "" - // +optional - TLSCertFile string `json:"tlsCertFile,omitempty"` - // tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile. - // Default: "" - // +optional - TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"` - // tlsCipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // Default: nil - // +optional - TLSCipherSuites []string `json:"tlsCipherSuites,omitempty"` - // tlsMinVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // Default: "" - // +optional - TLSMinVersion string `json:"tlsMinVersion,omitempty"` - // rotateCertificates enables client certificate rotation. The Kubelet will request a - // new certificate from the certificates.k8s.io API. This requires an approver to approve the - // certificate signing requests. - // Default: false - // +optional - RotateCertificates bool `json:"rotateCertificates,omitempty"` - // serverTLSBootstrap enables server certificate bootstrap. Instead of self - // signing a serving certificate, the Kubelet will request a certificate from - // the 'certificates.k8s.io' API. This requires an approver to approve the - // certificate signing requests (CSR). The RotateKubeletServerCertificate feature - // must be enabled when setting this field. - // Default: false - // +optional - ServerTLSBootstrap bool `json:"serverTLSBootstrap,omitempty"` - // authentication specifies how requests to the Kubelet's server are authenticated. - // Defaults: - // anonymous: - // enabled: false - // webhook: - // enabled: true - // cacheTTL: "2m" - // +optional - Authentication KubeletAuthentication `json:"authentication"` - // authorization specifies how requests to the Kubelet's server are authorized. - // Defaults: - // mode: Webhook - // webhook: - // cacheAuthorizedTTL: "5m" - // cacheUnauthorizedTTL: "30s" - // +optional - Authorization KubeletAuthorization `json:"authorization"` - // registryPullQPS is the limit of registry pulls per second. - // The value must not be a negative number. - // Setting it to 0 means no limit. - // Default: 5 - // +optional - RegistryPullQPS *int32 `json:"registryPullQPS,omitempty"` - // registryBurst is the maximum size of bursty pulls, temporarily allows - // pulls to burst to this number, while still not exceeding registryPullQPS. - // The value must not be a negative number. - // Only used if registryPullQPS is greater than 0. - // Default: 10 - // +optional - RegistryBurst int32 `json:"registryBurst,omitempty"` - // eventRecordQPS is the maximum event creations per second. If 0, there - // is no limit enforced. The value cannot be a negative number. - // Default: 5 - // +optional - EventRecordQPS *int32 `json:"eventRecordQPS,omitempty"` - // eventBurst is the maximum size of a burst of event creations, temporarily - // allows event creations to burst to this number, while still not exceeding - // eventRecordQPS. This field canot be a negative number and it is only used - // when eventRecordQPS > 0. - // Default: 10 - // +optional - EventBurst int32 `json:"eventBurst,omitempty"` - // enableDebuggingHandlers enables server endpoints for log access - // and local running of containers and commands, including the exec, - // attach, logs, and portforward features. - // Default: true - // +optional - EnableDebuggingHandlers *bool `json:"enableDebuggingHandlers,omitempty"` - // enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true. - // Default: false - // +optional - EnableContentionProfiling bool `json:"enableContentionProfiling,omitempty"` - // healthzPort is the port of the localhost healthz endpoint (set to 0 to disable). - // A valid number is between 1 and 65535. - // Default: 10248 - // +optional - HealthzPort *int32 `json:"healthzPort,omitempty"` - // healthzBindAddress is the IP address for the healthz server to serve on. - // Default: "127.0.0.1" - // +optional - HealthzBindAddress string `json:"healthzBindAddress,omitempty"` - // oomScoreAdj is The oom-score-adj value for kubelet process. Values - // must be within the range [-1000, 1000]. - // Default: -999 - // +optional - OOMScoreAdj *int32 `json:"oomScoreAdj,omitempty"` - // clusterDomain is the DNS domain for this cluster. If set, kubelet will - // configure all containers to search this domain in addition to the - // host's search domains. - // Default: "" - // +optional - ClusterDomain string `json:"clusterDomain,omitempty"` - // clusterDNS is a list of IP addresses for the cluster DNS server. If set, - // kubelet will configure all containers to use this for DNS resolution - // instead of the host's DNS servers. - // Default: nil - // +optional - ClusterDNS []string `json:"clusterDNS,omitempty"` - // streamingConnectionIdleTimeout is the maximum time a streaming connection - // can be idle before the connection is automatically closed. - // Default: "4h" - // +optional - StreamingConnectionIdleTimeout metav1.Duration `json:"streamingConnectionIdleTimeout,omitempty"` - // nodeStatusUpdateFrequency is the frequency that kubelet computes node - // status. If node lease feature is not enabled, it is also the frequency that - // kubelet posts node status to master. - // Note: When node lease feature is not enabled, be cautious when changing the - // constant, it must work with nodeMonitorGracePeriod in nodecontroller. - // Default: "10s" - // +optional - NodeStatusUpdateFrequency metav1.Duration `json:"nodeStatusUpdateFrequency,omitempty"` - // nodeStatusReportFrequency is the frequency that kubelet posts node - // status to master if node status does not change. Kubelet will ignore this - // frequency and post node status immediately if any change is detected. It is - // only used when node lease feature is enabled. nodeStatusReportFrequency's - // default value is 5m. But if nodeStatusUpdateFrequency is set explicitly, - // nodeStatusReportFrequency's default value will be set to - // nodeStatusUpdateFrequency for backward compatibility. - // Default: "5m" - // +optional - NodeStatusReportFrequency metav1.Duration `json:"nodeStatusReportFrequency,omitempty"` - // nodeLeaseDurationSeconds is the duration the Kubelet will set on its corresponding Lease. - // NodeLease provides an indicator of node health by having the Kubelet create and - // periodically renew a lease, named after the node, in the kube-node-lease namespace. - // If the lease expires, the node can be considered unhealthy. - // The lease is currently renewed every 10s, per KEP-0009. In the future, the lease renewal - // interval may be set based on the lease duration. - // The field value must be greater than 0. - // Default: 40 - // +optional - NodeLeaseDurationSeconds int32 `json:"nodeLeaseDurationSeconds,omitempty"` - // imageMinimumGCAge is the minimum age for an unused image before it is - // garbage collected. - // Default: "2m" - // +optional - ImageMinimumGCAge metav1.Duration `json:"imageMinimumGCAge,omitempty"` - // imageGCHighThresholdPercent is the percent of disk usage after which - // image garbage collection is always run. The percent is calculated by - // dividing this field value by 100, so this field must be between 0 and - // 100, inclusive. When specified, the value must be greater than - // imageGCLowThresholdPercent. - // Default: 85 - // +optional - ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"` - // imageGCLowThresholdPercent is the percent of disk usage before which - // image garbage collection is never run. Lowest disk usage to garbage - // collect to. The percent is calculated by dividing this field value by 100, - // so the field value must be between 0 and 100, inclusive. When specified, the - // value must be less than imageGCHighThresholdPercent. - // Default: 80 - // +optional - ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"` - // volumeStatsAggPeriod is the frequency for calculating and caching volume - // disk usage for all pods. - // Default: "1m" - // +optional - VolumeStatsAggPeriod metav1.Duration `json:"volumeStatsAggPeriod,omitempty"` - // kubeletCgroups is the absolute name of cgroups to isolate the kubelet in - // Default: "" - // +optional - KubeletCgroups string `json:"kubeletCgroups,omitempty"` - // systemCgroups is absolute name of cgroups in which to place - // all non-kernel processes that are not already in a container. Empty - // for no container. Rolling back the flag requires a reboot. - // The cgroupRoot must be specified if this field is not empty. - // Default: "" - // +optional - SystemCgroups string `json:"systemCgroups,omitempty"` - // cgroupRoot is the root cgroup to use for pods. This is handled by the - // container runtime on a best effort basis. - // +optional - CgroupRoot string `json:"cgroupRoot,omitempty"` - // cgroupsPerQOS enable QoS based CGroup hierarchy: top level CGroups for QoS classes - // and all Burstable and BestEffort Pods are brought up under their specific top level - // QoS CGroup. - // Default: true - // +optional - CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"` - // cgroupDriver is the driver kubelet uses to manipulate CGroups on the host (cgroupfs - // or systemd). - // Default: "cgroupfs" - // +optional - CgroupDriver string `json:"cgroupDriver,omitempty"` - // cpuManagerPolicy is the name of the policy to use. - // Requires the CPUManager feature gate to be enabled. - // Default: "None" - // +optional - CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"` - // cpuManagerPolicyOptions is a set of key=value which allows to set extra options - // to fine tune the behaviour of the cpu manager policies. - // Requires both the "CPUManager" and "CPUManagerPolicyOptions" feature gates to be enabled. - // Default: nil - // +optional - CPUManagerPolicyOptions map[string]string `json:"cpuManagerPolicyOptions,omitempty"` - // cpuManagerReconcilePeriod is the reconciliation period for the CPU Manager. - // Requires the CPUManager feature gate to be enabled. - // Default: "10s" - // +optional - CPUManagerReconcilePeriod metav1.Duration `json:"cpuManagerReconcilePeriod,omitempty"` - // memoryManagerPolicy is the name of the policy to use by memory manager. - // Requires the MemoryManager feature gate to be enabled. - // Default: "none" - // +optional - MemoryManagerPolicy string `json:"memoryManagerPolicy,omitempty"` - // topologyManagerPolicy is the name of the topology manager policy to use. - // Valid values include: - // - // - `restricted`: kubelet only allows pods with optimal NUMA node alignment for - // requested resources; - // - `best-effort`: kubelet will favor pods with NUMA alignment of CPU and device - // resources; - // - `none`: kubelet has no knowledge of NUMA alignment of a pod's CPU and device resources. - // - `single-numa-node`: kubelet only allows pods with a single NUMA alignment - // of CPU and device resources. - // - // Policies other than "none" require the TopologyManager feature gate to be enabled. - // Default: "none" - // +optional - TopologyManagerPolicy string `json:"topologyManagerPolicy,omitempty"` - // topologyManagerScope represents the scope of topology hint generation - // that topology manager requests and hint providers generate. Valid values include: - // - // - `container`: topology policy is applied on a per-container basis. - // - `pod`: topology policy is applied on a per-pod basis. - // - // "pod" scope requires the TopologyManager feature gate to be enabled. - // Default: "container" - // +optional - TopologyManagerScope string `json:"topologyManagerScope,omitempty"` - // qosReserved is a set of resource name to percentage pairs that specify - // the minimum percentage of a resource reserved for exclusive use by the - // guaranteed QoS tier. - // Currently supported resources: "memory" - // Requires the QOSReserved feature gate to be enabled. - // Default: nil - // +optional - QOSReserved map[string]string `json:"qosReserved,omitempty"` - // runtimeRequestTimeout is the timeout for all runtime requests except long running - // requests - pull, logs, exec and attach. - // Default: "2m" - // +optional - RuntimeRequestTimeout metav1.Duration `json:"runtimeRequestTimeout,omitempty"` - // hairpinMode specifies how the Kubelet should configure the container - // bridge for hairpin packets. - // Setting this flag allows endpoints in a Service to loadbalance back to - // themselves if they should try to access their own Service. Values: - // - // - "promiscuous-bridge": make the container bridge promiscuous. - // - "hairpin-veth": set the hairpin flag on container veth interfaces. - // - "none": do nothing. - // - // Generally, one must set `--hairpin-mode=hairpin-veth to` achieve hairpin NAT, - // because promiscuous-bridge assumes the existence of a container bridge named cbr0. - // Default: "promiscuous-bridge" - // +optional - HairpinMode string `json:"hairpinMode,omitempty"` - // maxPods is the maximum number of Pods that can run on this Kubelet. - // The value must be a non-negative integer. - // Default: 110 - // +optional - MaxPods int32 `json:"maxPods,omitempty"` - // podCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. - // In cluster mode, this is obtained from the control plane. - // Default: "" - // +optional - PodCIDR string `json:"podCIDR,omitempty"` - // podPidsLimit is the maximum number of PIDs in any pod. - // Default: -1 - // +optional - PodPidsLimit *int64 `json:"podPidsLimit,omitempty"` - // resolvConf is the resolver configuration file used as the basis - // for the container DNS resolution configuration. - // If set to the empty string, will override the default and effectively disable DNS lookups. - // Default: "/etc/resolv.conf" - // +optional - ResolverConfig *string `json:"resolvConf,omitempty"` - // runOnce causes the Kubelet to check the API server once for pods, - // run those in addition to the pods specified by static pod files, and exit. - // Default: false - // +optional - RunOnce bool `json:"runOnce,omitempty"` - // cpuCFSQuota enables CPU CFS quota enforcement for containers that - // specify CPU limits. - // Default: true - // +optional - CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"` - // cpuCFSQuotaPeriod is the CPU CFS quota period value, `cpu.cfs_period_us`. - // The value must be between 1 us and 1 second, inclusive. - // Requires the CustomCPUCFSQuotaPeriod feature gate to be enabled. - // Default: "100ms" - // +optional - CPUCFSQuotaPeriod *metav1.Duration `json:"cpuCFSQuotaPeriod,omitempty"` - // nodeStatusMaxImages caps the number of images reported in Node.status.images. - // The value must be greater than -2. - // Note: If -1 is specified, no cap will be applied. If 0 is specified, no image is returned. - // Default: 50 - // +optional - NodeStatusMaxImages *int32 `json:"nodeStatusMaxImages,omitempty"` - // maxOpenFiles is Number of files that can be opened by Kubelet process. - // The value must be a non-negative number. - // Default: 1000000 - // +optional - MaxOpenFiles int64 `json:"maxOpenFiles,omitempty"` - // contentType is contentType of requests sent to apiserver. - // Default: "application/vnd.kubernetes.protobuf" - // +optional - ContentType string `json:"contentType,omitempty"` - // kubeAPIQPS is the QPS to use while talking with kubernetes apiserver. - // Default: 5 - // +optional - KubeAPIQPS *int32 `json:"kubeAPIQPS,omitempty"` - // kubeAPIBurst is the burst to allow while talking with kubernetes API server. - // This field cannot be a negative number. - // Default: 10 - // +optional - KubeAPIBurst int32 `json:"kubeAPIBurst,omitempty"` - // serializeImagePulls when enabled, tells the Kubelet to pull images one - // at a time. We recommend *not* changing the default value on nodes that - // run docker daemon with version < 1.9 or an Aufs storage backend. - // Issue #10959 has more details. - // Default: true - // +optional - SerializeImagePulls *bool `json:"serializeImagePulls,omitempty"` - // evictionHard is a map of signal names to quantities that defines hard eviction - // thresholds. For example: `{"memory.available": "300Mi"}`. - // To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource. - // Default: - // memory.available: "100Mi" - // nodefs.available: "10%" - // nodefs.inodesFree: "5%" - // imagefs.available: "15%" - // +optional - EvictionHard map[string]string `json:"evictionHard,omitempty"` - // evictionSoft is a map of signal names to quantities that defines soft eviction thresholds. - // For example: `{"memory.available": "300Mi"}`. - // Default: nil - // +optional - EvictionSoft map[string]string `json:"evictionSoft,omitempty"` - // evictionSoftGracePeriod is a map of signal names to quantities that defines grace - // periods for each soft eviction signal. For example: `{"memory.available": "30s"}`. - // Default: nil - // +optional - EvictionSoftGracePeriod map[string]string `json:"evictionSoftGracePeriod,omitempty"` - // evictionPressureTransitionPeriod is the duration for which the kubelet has to wait - // before transitioning out of an eviction pressure condition. - // Default: "5m" - // +optional - EvictionPressureTransitionPeriod metav1.Duration `json:"evictionPressureTransitionPeriod,omitempty"` - // evictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use - // when terminating pods in response to a soft eviction threshold being met. This value - // effectively caps the Pod's terminationGracePeriodSeconds value during soft evictions. - // Note: Due to issue #64530, the behavior has a bug where this value currently just - // overrides the grace period during soft eviction, which can increase the grace - // period from what is set on the Pod. This bug will be fixed in a future release. - // Default: 0 - // +optional - EvictionMaxPodGracePeriod int32 `json:"evictionMaxPodGracePeriod,omitempty"` - // evictionMinimumReclaim is a map of signal names to quantities that defines minimum reclaims, - // which describe the minimum amount of a given resource the kubelet will reclaim when - // performing a pod eviction while that resource is under pressure. - // For example: `{"imagefs.available": "2Gi"}`. - // Default: nil - // +optional - EvictionMinimumReclaim map[string]string `json:"evictionMinimumReclaim,omitempty"` - // podsPerCore is the maximum number of pods per core. Cannot exceed maxPods. - // The value must be a non-negative integer. - // If 0, there is no limit on the number of Pods. - // Default: 0 - // +optional - PodsPerCore int32 `json:"podsPerCore,omitempty"` - // enableControllerAttachDetach enables the Attach/Detach controller to - // manage attachment/detachment of volumes scheduled to this node, and - // disables kubelet from executing any attach/detach operations. - // Note: attaching/detaching CSI volumes is not supported by the kubelet, - // so this option needs to be true for that use case. - // Default: true - // +optional - EnableControllerAttachDetach *bool `json:"enableControllerAttachDetach,omitempty"` - // protectKernelDefaults, if true, causes the Kubelet to error if kernel - // flags are not as it expects. Otherwise the Kubelet will attempt to modify - // kernel flags to match its expectation. - // Default: false - // +optional - ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"` - // makeIPTablesUtilChains, if true, causes the Kubelet ensures a set of iptables rules - // are present on host. - // These rules will serve as utility rules for various components, e.g. kube-proxy. - // The rules will be created based on iptablesMasqueradeBit and iptablesDropBit. - // Default: true - // +optional - MakeIPTablesUtilChains *bool `json:"makeIPTablesUtilChains,omitempty"` - // iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT. - // Values must be within the range [0, 31]. Must be different from other mark bits. - // Warning: Please match the value of the corresponding parameter in kube-proxy. - // TODO: clean up IPTablesMasqueradeBit in kube-proxy. - // Default: 14 - // +optional - IPTablesMasqueradeBit *int32 `json:"iptablesMasqueradeBit,omitempty"` - // iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets. - // Values must be within the range [0, 31]. Must be different from other mark bits. - // Default: 15 - // +optional - IPTablesDropBit *int32 `json:"iptablesDropBit,omitempty"` - // featureGates is a map of feature names to bools that enable or disable experimental - // features. This field modifies piecemeal the built-in default values from - // "k8s.io/kubernetes/pkg/features/kube_features.go". - // Default: nil - // +optional - FeatureGates map[string]bool `json:"featureGates,omitempty"` - // failSwapOn tells the Kubelet to fail to start if swap is enabled on the node. - // Default: true - // +optional - FailSwapOn *bool `json:"failSwapOn,omitempty"` - // memorySwap configures swap memory available to container workloads. - // +featureGate=NodeSwap - // +optional - MemorySwap MemorySwapConfiguration `json:"memorySwap,omitempty"` - // containerLogMaxSize is a quantity defining the maximum size of the container log - // file before it is rotated. For example: "5Mi" or "256Ki". - // Default: "10Mi" - // +optional - ContainerLogMaxSize string `json:"containerLogMaxSize,omitempty"` - // containerLogMaxFiles specifies the maximum number of container log files that can - // be present for a container. - // Default: 5 - // +optional - ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty"` - // configMapAndSecretChangeDetectionStrategy is a mode in which ConfigMap and Secret - // managers are running. Valid values include: - // - // - `Get`: kubelet fetches necessary objects directly from the API server; - // - `Cache`: kubelet uses TTL cache for object fetched from the API server; - // - `Watch`: kubelet uses watches to observe changes to objects that are in its interest. - // - // Default: "Watch" - // +optional - ConfigMapAndSecretChangeDetectionStrategy ResourceChangeDetectionStrategy `json:"configMapAndSecretChangeDetectionStrategy,omitempty"` - - /* the following fields are meant for Node Allocatable */ - - // systemReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) - // pairs that describe resources reserved for non-kubernetes components. - // Currently only cpu and memory are supported. - // See http://kubernetes.io/docs/user-guide/compute-resources for more detail. - // Default: nil - // +optional - SystemReserved map[string]string `json:"systemReserved,omitempty"` - // kubeReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs - // that describe resources reserved for kubernetes system components. - // Currently cpu, memory and local storage for root file system are supported. - // See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // for more details. - // Default: nil - // +optional - KubeReserved map[string]string `json:"kubeReserved,omitempty"` - // The reservedSystemCPUs option specifies the CPU list reserved for the host - // level system threads and kubernetes related threads. This provide a "static" - // CPU list rather than the "dynamic" list by systemReserved and kubeReserved. - // This option does not support systemReservedCgroup or kubeReservedCgroup. - ReservedSystemCPUs string `json:"reservedSystemCPUs,omitempty"` - // showHiddenMetricsForVersion is the previous version for which you want to show - // hidden metrics. - // Only the previous minor version is meaningful, other values will not be allowed. - // The format is `.`, e.g.: `1.16`. - // The purpose of this format is make sure you have the opportunity to notice - // if the next release hides additional metrics, rather than being surprised - // when they are permanently removed in the release after that. - // Default: "" - // +optional - ShowHiddenMetricsForVersion string `json:"showHiddenMetricsForVersion,omitempty"` - // systemReservedCgroup helps the kubelet identify absolute name of top level CGroup used - // to enforce `systemReserved` compute resource reservation for OS system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) - // doc for more information. - // Default: "" - // +optional - SystemReservedCgroup string `json:"systemReservedCgroup,omitempty"` - // kubeReservedCgroup helps the kubelet identify absolute name of top level CGroup used - // to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) - // doc for more information. - // Default: "" - // +optional - KubeReservedCgroup string `json:"kubeReservedCgroup,omitempty"` - // This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform. - // This flag accepts a list of options. Acceptable options are `none`, `pods`, - // `system-reserved` and `kube-reserved`. - // If `none` is specified, no other options may be specified. - // When `system-reserved` is in the list, systemReservedCgroup must be specified. - // When `kube-reserved` is in the list, kubeReservedCgroup must be specified. - // This field is supported only when `cgroupsPerQOS` is set to true. - // Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) - // for more information. - // Default: ["pods"] - // +optional - EnforceNodeAllocatable []string `json:"enforceNodeAllocatable,omitempty"` - // A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in `*`). - // Unsafe sysctl groups are `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, - // and `net.*`. For example: "`kernel.msg*,net.ipv4.route.min_pmtu`" - // Default: [] - // +optional - AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"` - // volumePluginDir is the full path of the directory in which to search - // for additional third party volume plugins. - // Default: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/" - // +optional - VolumePluginDir string `json:"volumePluginDir,omitempty"` - // providerID, if set, sets the unique ID of the instance that an external - // provider (i.e. cloudprovider) can use to identify a specific node. - // Default: "" - // +optional - ProviderID string `json:"providerID,omitempty"` - // kernelMemcgNotification, if set, instructs the kubelet to integrate with the - // kernel memcg notification for determining if memory eviction thresholds are - // exceeded rather than polling. - // Default: false - // +optional - KernelMemcgNotification bool `json:"kernelMemcgNotification,omitempty"` - // logging specifies the options of logging. - // Refer to [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go) - // for more information. - // Default: - // Format: text - // + optional - Logging logsapi.LoggingConfiguration `json:"logging,omitempty"` - // enableSystemLogHandler enables system logs via web interface host:port/logs/ - // Default: true - // +optional - EnableSystemLogHandler *bool `json:"enableSystemLogHandler,omitempty"` - // shutdownGracePeriod specifies the total duration that the node should delay the - // shutdown and total grace period for pod termination during a node shutdown. - // Default: "0s" - // +featureGate=GracefulNodeShutdown - // +optional - ShutdownGracePeriod metav1.Duration `json:"shutdownGracePeriod,omitempty"` - // shutdownGracePeriodCriticalPods specifies the duration used to terminate critical - // pods during a node shutdown. This should be less than shutdownGracePeriod. - // For example, if shutdownGracePeriod=30s, and shutdownGracePeriodCriticalPods=10s, - // during a node shutdown the first 20 seconds would be reserved for gracefully - // terminating normal pods, and the last 10 seconds would be reserved for terminating - // critical pods. - // Default: "0s" - // +featureGate=GracefulNodeShutdown - // +optional - ShutdownGracePeriodCriticalPods metav1.Duration `json:"shutdownGracePeriodCriticalPods,omitempty"` - // shutdownGracePeriodByPodPriority specifies the shutdown grace period for Pods based - // on their associated priority class value. - // When a shutdown request is received, the Kubelet will initiate shutdown on all pods - // running on the node with a grace period that depends on the priority of the pod, - // and then wait for all pods to exit. - // Each entry in the array represents the graceful shutdown time a pod with a priority - // class value that lies in the range of that value and the next higher entry in the - // list when the node is shutting down. - // For example, to allow critical pods 10s to shutdown, priority>=10000 pods 20s to - // shutdown, and all remaining pods 30s to shutdown. - // - // shutdownGracePeriodByPodPriority: - // - priority: 2000000000 - // shutdownGracePeriodSeconds: 10 - // - priority: 10000 - // shutdownGracePeriodSeconds: 20 - // - priority: 0 - // shutdownGracePeriodSeconds: 30 - // - // The time the Kubelet will wait before exiting will at most be the maximum of all - // shutdownGracePeriodSeconds for each priority class range represented on the node. - // When all pods have exited or reached their grace periods, the Kubelet will release - // the shutdown inhibit lock. - // Requires the GracefulNodeShutdown feature gate to be enabled. - // This configuration must be empty if either ShutdownGracePeriod or ShutdownGracePeriodCriticalPods is set. - // Default: nil - // +featureGate=GracefulNodeShutdownBasedOnPodPriority - // +optional - ShutdownGracePeriodByPodPriority []ShutdownGracePeriodByPodPriority `json:"shutdownGracePeriodByPodPriority,omitempty"` - // reservedMemory specifies a comma-separated list of memory reservations for NUMA nodes. - // The parameter makes sense only in the context of the memory manager feature. - // The memory manager will not allocate reserved memory for container workloads. - // For example, if you have a NUMA0 with 10Gi of memory and the reservedMemory was - // specified to reserve 1Gi of memory at NUMA0, the memory manager will assume that - // only 9Gi is available for allocation. - // You can specify a different amount of NUMA node and memory types. - // You can omit this parameter at all, but you should be aware that the amount of - // reserved memory from all NUMA nodes should be equal to the amount of memory specified - // by the [node allocatable](https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable). - // If at least one node allocatable parameter has a non-zero value, you will need - // to specify at least one NUMA node. - // Also, avoid specifying: - // - // 1. Duplicates, the same NUMA node, and memory type, but with a different value. - // 2. zero limits for any memory type. - // 3. NUMAs nodes IDs that do not exist under the machine. - // 4. memory types except for memory and hugepages- - // - // Default: nil - // +optional - ReservedMemory []MemoryReservation `json:"reservedMemory,omitempty"` - // enableProfilingHandler enables profiling via web interface host:port/debug/pprof/ - // Default: true - // +optional - EnableProfilingHandler *bool `json:"enableProfilingHandler,omitempty"` - // enableDebugFlagsHandler enables flags endpoint via web interface host:port/debug/flags/v - // Default: true - // +optional - EnableDebugFlagsHandler *bool `json:"enableDebugFlagsHandler,omitempty"` - // SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. - // This requires the corresponding SeccompDefault feature gate to be enabled as well. - // Default: false - // +optional - SeccompDefault *bool `json:"seccompDefault,omitempty"` - // MemoryThrottlingFactor specifies the factor multiplied by the memory limit or node allocatable memory - // when setting the cgroupv2 memory.high value to enforce MemoryQoS. - // Decreasing this factor will set lower high limit for container cgroups and put heavier reclaim pressure - // while increasing will put less reclaim pressure. - // See http://kep.k8s.io/2570 for more details. - // Default: 0.8 - // +featureGate=MemoryQoS - // +optional - MemoryThrottlingFactor *float64 `json:"memoryThrottlingFactor,omitempty"` - // registerWithTaints are an array of taints to add to a node object when - // the kubelet registers itself. This only takes effect when registerNode - // is true and upon the initial registration of the node. - // Default: nil - // +optional - RegisterWithTaints []v1.Taint `json:"registerWithTaints,omitempty"` - // registerNode enables automatic registration with the apiserver. - // Default: true - // +optional - RegisterNode *bool `json:"registerNode,omitempty"` -} - -type KubeletAuthorizationMode string - -const ( - // KubeletAuthorizationModeAlwaysAllow authorizes all authenticated requests - KubeletAuthorizationModeAlwaysAllow KubeletAuthorizationMode = "AlwaysAllow" - // KubeletAuthorizationModeWebhook uses the SubjectAccessReview API to determine authorization - KubeletAuthorizationModeWebhook KubeletAuthorizationMode = "Webhook" -) - -type KubeletAuthorization struct { - // mode is the authorization mode to apply to requests to the kubelet server. - // Valid values are `AlwaysAllow` and `Webhook`. - // Webhook mode uses the SubjectAccessReview API to determine authorization. - // +optional - Mode KubeletAuthorizationMode `json:"mode,omitempty"` - - // webhook contains settings related to Webhook authorization. - // +optional - Webhook KubeletWebhookAuthorization `json:"webhook"` -} - -type KubeletWebhookAuthorization struct { - // cacheAuthorizedTTL is the duration to cache 'authorized' responses from the - // webhook authorizer. - // +optional - CacheAuthorizedTTL metav1.Duration `json:"cacheAuthorizedTTL,omitempty"` - // cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from - // the webhook authorizer. - // +optional - CacheUnauthorizedTTL metav1.Duration `json:"cacheUnauthorizedTTL,omitempty"` -} - -type KubeletAuthentication struct { - // x509 contains settings related to x509 client certificate authentication. - // +optional - X509 KubeletX509Authentication `json:"x509"` - // webhook contains settings related to webhook bearer token authentication. - // +optional - Webhook KubeletWebhookAuthentication `json:"webhook"` - // anonymous contains settings related to anonymous authentication. - // +optional - Anonymous KubeletAnonymousAuthentication `json:"anonymous"` -} - -type KubeletX509Authentication struct { - // clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request - // presenting a client certificate signed by one of the authorities in the bundle - // is authenticated with a username corresponding to the CommonName, - // and groups corresponding to the Organization in the client certificate. - // +optional - ClientCAFile string `json:"clientCAFile,omitempty"` -} - -type KubeletWebhookAuthentication struct { - // enabled allows bearer token authentication backed by the - // tokenreviews.authentication.k8s.io API. - // +optional - Enabled *bool `json:"enabled,omitempty"` - // cacheTTL enables caching of authentication results - // +optional - CacheTTL metav1.Duration `json:"cacheTTL,omitempty"` -} - -type KubeletAnonymousAuthentication struct { - // enabled allows anonymous requests to the kubelet server. - // Requests that are not rejected by another authentication method are treated as - // anonymous requests. - // Anonymous requests have a username of `system:anonymous`, and a group name of - // `system:unauthenticated`. - // +optional - Enabled *bool `json:"enabled,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// SerializedNodeConfigSource allows us to serialize v1.NodeConfigSource. -// This type is used internally by the Kubelet for tracking checkpointed dynamic configs. -// It exists in the kubeletconfig API group because it is classified as a versioned input to the Kubelet. -type SerializedNodeConfigSource struct { - metav1.TypeMeta `json:",inline"` - // source is the source that we are serializing. - // +optional - Source v1.NodeConfigSource `json:"source,omitempty" protobuf:"bytes,1,opt,name=source"` -} - -// MemoryReservation specifies the memory reservation of different types for each NUMA node -type MemoryReservation struct { - NumaNode int32 `json:"numaNode"` - Limits v1.ResourceList `json:"limits"` -} - -// ShutdownGracePeriodByPodPriority specifies the shutdown grace period for Pods based on their associated priority class value -type ShutdownGracePeriodByPodPriority struct { - // priority is the priority value associated with the shutdown grace period - Priority int32 `json:"priority"` - // shutdownGracePeriodSeconds is the shutdown grace period in seconds - ShutdownGracePeriodSeconds int64 `json:"shutdownGracePeriodSeconds"` -} - -type MemorySwapConfiguration struct { - // swapBehavior configures swap memory available to container workloads. May be one of - // "", "LimitedSwap": workload combined memory and swap usage cannot exceed pod memory limit - // "UnlimitedSwap": workloads can use unlimited swap, up to the allocatable limit. - // +featureGate=NodeSwap - // +optional - SwapBehavior string `json:"swapBehavior,omitempty"` -} - // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CredentialProviderConfig is the configuration containing information about @@ -945,7 +75,7 @@ type CredentialProvider struct { // Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse // MUST use the same encoding version as the input. Current supported values are: - // - credentialprovider.kubelet.k8s.io/v1beta1 + // - credentialprovider.kubelet.k8s.io/v1 APIVersion string `json:"apiVersion"` // Arguments to pass to the command when executing it. diff --git a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/install/install.go b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/install/install.go index f3f8b1dfa3c..58461310054 100644 --- a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/install/install.go +++ b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/install/install.go @@ -20,6 +20,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/kubelet/pkg/apis/credentialprovider" + v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1" "k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1" "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1" ) @@ -31,4 +32,6 @@ func Install(scheme *runtime.Scheme) { utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion)) utilruntime.Must(v1beta1.AddToScheme(scheme)) utilruntime.Must(scheme.SetVersionPriority(v1beta1.SchemeGroupVersion)) + utilruntime.Must(v1.AddToScheme(scheme)) + utilruntime.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion)) } diff --git a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/doc.go b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/doc.go index df4f4bf150d..474a085ab92 100644 --- a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/doc.go +++ b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/doc.go @@ -19,4 +19,4 @@ limitations under the License. // +k8s:defaulter-gen=TypeMeta // +groupName=credentialprovider.kubelet.k8s.io -package v1beta1 // import "k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1" +package v1 // import "k8s.io/kubelet/pkg/apis/credentialprovider/v1" diff --git a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/register.go b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/register.go index 75ec067cb03..0f8177bd8ca 100644 --- a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/register.go +++ b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/register.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -27,7 +27,7 @@ const GroupName = "credentialprovider.kubelet.k8s.io" // SchemeGroupVersion is group version used to register these objects var ( - SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} localSchemeBuilder = &SchemeBuilder ) diff --git a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/types.go b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/types.go index 2bc37ce9294..3cce9cc428e 100644 --- a/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/types.go +++ b/staging/src/k8s.io/kubelet/pkg/apis/credentialprovider/v1/types.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/vendor/modules.txt b/vendor/modules.txt index f8f4d979023..8d01b25656d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2308,6 +2308,7 @@ k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation # k8s.io/kubelet v0.0.0 => ./staging/src/k8s.io/kubelet ## explicit; go 1.19 +k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 k8s.io/kubelet/config/v1beta1 k8s.io/kubelet/pkg/apis @@ -2315,6 +2316,7 @@ k8s.io/kubelet/pkg/apis/credentialprovider k8s.io/kubelet/pkg/apis/credentialprovider/install k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1 k8s.io/kubelet/pkg/apis/credentialprovider/v1beta1 +k8s.io/kubelet/pkg/apis/credentialprovider/v1 k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1 k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1