Commit Graph

115080 Commits

Author SHA1 Message Date
Madhav Jivrajani
9fbd08e075 kubectl: Change subresource flag to beta
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
2023-03-14 21:44:32 +05:30
Aravindh Puthiyaparambil
d12696c20f
kubelet: Expose simple journald and Get-WinEvent shims on the logs endpoint
Provide an administrator a streaming view of journal logs on Linux
systems using journalctl, and event logs on Windows systems using the
Get-WinEvent PowerShell cmdlet without them having to implement a client
side reader.

Only available to cluster admins.

The implementation for journald on Linux was originally done by Clayton
Coleman.

Introduce a heuristics approach to query logs

The logs query for node objects will follow a heuristics approach
when asked to query for logs from a service. If asked to get the
logs from a service foobar, it will first check if foobar logs to the
native OS service log provider. If unable to get logs from these, it
will attempt to get logs from /var/foobar, /var/log/foobar.log or
/var/log/foobar/foobar.log in that order.
The logs sub-command can also directly serve a file if the query looks
like a file.

Co-authored-by: Clayton Coleman <ccoleman@redhat.com>
Co-authored-by: Christian Glombek <cglombek@redhat.com>
2023-03-14 08:54:36 -07:00
Alex Wang
199c37acef feat: update matchLabelKeys comment and code auto-generate
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
2023-03-14 23:51:50 +08:00
Jan Safranek
a53c6f1dc8 Add validation of CSIDriver.SELinuxMount 2023-03-14 16:49:55 +01:00
Aravindh Puthiyaparambil
26279a5282
kubelet: Add validation for EnableNodeLogQuery 2023-03-14 08:45:20 -07:00
Aravindh Puthiyaparambil
aadad09410
api: Add EnableNodeLogQuery to KubeletConfiguration
Added EnableNodeLogQuery field to kubelet/apis/config/types.go and
staging/src/k8s.io/kubelet/config/v1beta1/types.go, then executed.
 `hack/update-codegen.sh`.

This new field will default to off and will need to be explicitly
enabled in addition to the NodeLogQuery gate to use the feature.
2023-03-14 08:45:19 -07:00
Aravindh Puthiyaparambil
d52cbd4a5a
feature: Add NodeLogQuery feature gate
Enable the query endpoint only if this gate is enabled in addition to
the EnableNodeLogQuery kubelet config option.
2023-03-14 08:45:18 -07:00
Kubernetes Prow Robot
a9008b502d
Merge pull request #116577 from jsafrane/fix-standalone-mode
Fix volume reconstruction in standalone mode
2023-03-14 08:37:02 -07:00
Kubernetes Prow Robot
fe9dc2ee11
Merge pull request #116573 from claudiubelu/fix-kubeadm-unittests
unit tests: Fixes init and rejoin unit tests for Windows
2023-03-14 08:36:52 -07:00
Kubernetes Prow Robot
204a9a1f17
Merge pull request #116459 from ffromani/podresources-ratelimit-minimal
add podresources DOS prevention using rate limit
2023-03-14 08:36:45 -07:00
Kubernetes Prow Robot
2bd69db8d7
Merge pull request #116351 from vinaykul/restart-free-pod-vertical-scaling-kubelet-fix-followup
Initialize pod resource allocation checkpoint manager to noop
2023-03-14 08:36:37 -07:00
Kubernetes Prow Robot
4f76e4a0fd
Merge pull request #115603 from pacoxu/coredns-v1.10.1
update coredns to v1.10.1
2023-03-14 08:36:28 -07:00
Kubernetes Prow Robot
06619135e0
Merge pull request #114226 from saschagrunert/apiextensions-apiserver-static
Link `apiextensions-apiserver` binary statically
2023-03-14 08:36:16 -07:00
Madhav Jivrajani
a466b7f5aa test/e2e: Add e2e tests for kubectl --subresource
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
2023-03-14 21:01:44 +05:30
Katrina Verey
923d9b63fd
Allow conformant CRDs to be ApplySet parents 2023-03-14 11:09:08 -04:00
Alex Wang
8a1f9f43e6 feat: validate matchLabelKeys when labelSelector isn't set
Signed-off-by: Alex Wang <wangqingcan1990@gmail.com>
2023-03-14 22:36:41 +08:00
Davanum Srinivas
a1d157bf32
Add some missing flags
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2023-03-14 10:36:25 -04:00
Kubernetes Prow Robot
689fc37dd2
Merge pull request #112334 from dgrisonnet/fix-eventseries-count
Fix EventSeries starting count discrepancy
2023-03-14 07:28:16 -07:00
Divyen Patel
eca25d9e12 lock CSIMigrationvSphere feature gate 2023-03-14 19:57:57 +05:30
Monis Khan
832d6f0e19
kmsv2: re-use DEK while key ID is unchanged
This change updates KMS v2 to not create a new DEK for every
encryption.  Instead, we re-use the DEK while the key ID is stable.

Specifically:

We no longer use a random 12 byte nonce per encryption.  Instead, we
use both a random 4 byte nonce and an 8 byte nonce set via an atomic
counter.  Since each DEK is randomly generated and never re-used,
the combination of DEK and counter are always unique.  Thus there
can never be a nonce collision.  AES GCM strongly encourages the use
of a 12 byte nonce, hence the additional 4 byte random nonce.  We
could leave those 4 bytes set to all zeros, but there is no harm in
setting them to random data (it may help in some edge cases such as
live VM migration).

If the plugin is not healthy, the last DEK will be used for
encryption for up to three minutes (there is no difference on the
behavior of reads which have always used the DEK cache).  This will
reduce the impact of a short plugin outage while making it easy to
perform storage migration after a key ID change (i.e. simply wait
ten minutes after the key ID change before starting the migration).

The DEK rotation cycle is performed in sync with the KMS v2 status
poll thus we always have the correct information to determine if a
read is stale in regards to storage migration.

Signed-off-by: Monis Khan <mok@microsoft.com>
2023-03-14 10:23:50 -04:00
Gunju Kim
cdf501f77b
Add service-feature-gates argument to node_e2e
This separates the "service-feature-gates" argument from the
"feature-gates" to set feature gates of API service independently.
2023-03-14 22:54:30 +09:00
Jan Safranek
a84dc2d5c5 Flip SELinuxMountReadWriteOncePod to Beta
And enable all e2e tests by default. They're still behind
`[Feature:SELinux]` tag to ensure the underlying OS supports SELinux.
2023-03-14 14:32:38 +01:00
zhucan
80ff4b90a5 e2e: test for node expand volume with secrets failed
Signed-off-by: zhucan <zhucan.k8s@gmail.com>
2023-03-14 21:12:31 +08:00
Kubernetes Prow Robot
fcf5d23e68
Merge pull request #96275 from swatisehgal/noderesourcetopology
Remove NodeResourceTopology API from staging
2023-03-14 06:00:17 -07:00
Humble Chirammal
92f59b6323 Update NodeExpandSecretRef comment for beta
Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
2023-03-14 17:57:24 +05:30
justinsb
9c5c8b243d kubectl diff: refactor tracker into a separate type
This means that we can reuse the logic even if we swap out the pruner.
2023-03-14 12:06:44 +00:00
Swati Sehgal
126e184bc8 noderesourcetopology: remove reference to NRT-API in README.
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2023-03-14 17:34:07 +05:30
Katrina Verey
6a31757f45
Applyset dry run tests + ID value (#116265)
* Test for ApplySet with --dry-run=client|server

* Use the real format for ApplySet ID

* Incorporate feedback

* Adjustments from rebase
2023-03-14 04:46:16 -07:00
Jan Safranek
c4f8c3f628 Fix volume reconstruction in standalone mode
Kubelet in standalone mode won't have kubeclient, it cannot get node.status
and get devices from it. Such a kubelet cannot mount attachable volumes
anyway.
2023-03-14 12:32:21 +01:00
Patrick Ohly
e97531b349 api: extend validation of dynamic resource allocation fields in PodSpec
The generated ResourceClaim name and the names of the ResourceClaimTemplate and
ResourceClaim referenced by a pod must be valid according to the resource API,
otherwise the pod cannot start.

Checking this was removed from the original implementation out of concerns
about validating fields in core against limitations imposed by a separate,
alpha API.  But as this was pointed out again in
https://github.com/kubernetes/kubernetes/pull/116254#discussion_r1134010324
it gets added back.

The same strings that worked before still work now. In particular, the
constraints for a spec.resourceClaim.name are still the same (DNS label).
2023-03-14 11:58:41 +01:00
Kubernetes Prow Robot
c8f001d798
Merge pull request #114504 from vrutkovs/tracing-kubelet-toplevel
kubelet: create top-level traces for pod sync and GC
2023-03-14 03:12:16 -07:00
Paco Xu
a5587de2e4 print all calls when compare CSI call failed 2023-03-14 18:03:08 +08:00
Claudiu Belu
4f16887a11 unit tests: Fixes init and rejoin unit tests for Windows
The default CRI Socket on Windows is npipe://./pipe/containerd-containerd.
2023-03-14 09:45:16 +00:00
Swati Sehgal
76d9b8dd87 noderesourcetopology-api: Remove nrt from publishing-bot rules.yaml
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2023-03-14 15:13:35 +05:30
Patrick Ohly
2b8a4e8097 api: generated files for PodSchedulingContext 2023-03-14 10:18:08 +01:00
Patrick Ohly
fec5233668 api: resource.k8s.io PodScheduling -> PodSchedulingContext
The name "PodScheduling" was unusual because in contrast to most other names,
it was impossible to put an article in front of it. Now PodSchedulingContext is
used instead.
2023-03-14 10:18:08 +01:00
Andrew Sy Kim
ee18f60252
apiserver: exclude APF queue wait time from SLO latency metrics (#116420)
* apiserver: add latency tracker for priority & fairness queue wait time

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* apiserver: exclude priority & fairness wait times to SLO/SLI latency metrics

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* apiserver: update TestLatencyTrackersFrom to check latency from PriorityAndFairnessTracker

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: add helper function observeQueueWaitTime to consolidate metric and latency tracker calls

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: replace time.Now() / time.Since() with clock.Now() / clock.Since() for better testability

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

* flowcontrol: add unit test TestQueueWaitTimeLatencyTracker to validate queue wait times recorded by latency tracker

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>

---------

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2023-03-14 02:15:20 -07:00
Kubernetes Prow Robot
0e06be57a6
Merge pull request #116299 from pohly/dra-v1alpha2
api: resource.k8s.io v1alpha1 -> v1alpha2
2023-03-14 02:15:08 -07:00
Mengjiao Liu
c512232782 Migrate pkg/scheduler/framework/plugins/defaultbinder to contextual logging 2023-03-14 17:02:25 +08:00
Paco Xu
4e5171b396 upgrade csi provisioner to v3.4.0
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
2023-03-14 16:51:46 +08:00
Paco Xu
40d543a59d check node expand secret ref and fix CSI calls compare failure
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
2023-03-14 16:51:46 +08:00
Paco Xu
2f71a635af get pvc again to get the pv name that bound to the PVC
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
2023-03-14 16:51:46 +08:00
Kubernetes Prow Robot
921dfed168
Merge pull request #116566 from liggitt/fix-fuzzer
Fix StatefulSet fuzzer
2023-03-14 00:45:09 -07:00
Swati Sehgal
4c8ee8e00e noderesourcetopology-api: Vendor update
Generated by running:

```
./hack/updater-vendor.sh
```

Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2023-03-14 13:03:01 +05:30
Swati Sehgal
5a2adda7fa noderesourcetopology-api: Remove from staging
Signed-off-by: Swati Sehgal <swsehgal@redhat.com>
2023-03-14 12:58:31 +05:30
Patrick Ohly
29941b8d3e api: resource.k8s.io v1alpha1 -> v1alpha2
For Kubernetes 1.27, we intend to make some breaking API changes:
- rename PodScheduling -> PodSchedulingHints (https://github.com/kubernetes/kubernetes/issues/114283)
- extend ResourceClaimStatus (https://github.com/kubernetes/enhancements/pull/3802)

We need to switch from v1alpha1 to v1alpha2 for that.
2023-03-14 07:52:03 +01:00
Kubernetes Prow Robot
152876a3eb
Merge pull request #115668 from jiahuif-forks/feature/validating-admission-policy/type-system
Type System for ValidatingAdmissionPolicy
2023-03-13 23:27:09 -07:00
guangli.bao
e0e835c63c check if test volumes created 2023-03-14 14:09:54 +08:00
Kubernetes Prow Robot
dfc63f218c
Merge pull request #116557 from smarterclayton/sync_known_race
kubelet: TestSyncKnownPods should not race
2023-03-13 22:27:24 -07:00
Kubernetes Prow Robot
59b11feadd
Merge pull request #116553 from thockin/pr-111942-takeover
API docs trivial typo
2023-03-13 22:27:16 -07:00