This patch fixes an issue where best-effort pods were not admitted
to the node if the single-numa-node policy was set.
This was because the Admit policy in single-numa-node policy does
not admit any pod where the hint is anything but single NUMA node. The 'best hint' in this case is {<set bits for num. Numa Nodes on machine>, true}
So on a machine with 2 NUMA nodes the best hint for a best-effort pod is {11,true} as best-effort pods have no Topology preferences.
The single-numa-node policy fails any pod with a not preferred hint OR a hint where > 1 bits are set, thus the above example resulting in termintaed pods with a Topology Affinity Error.
This is a short term fix for the single-numa-node policy, as there will be code refactoring for the 1.17 release.
The flag has been problematic and abused by users.
While perhaps its original purpose was to be able to feed
a new version of the control-plane it also made it possible
to apply modifications to the ClusterConfiguration object
in the cluster. The lack of a feature in kubeadm for reconfiguration
of running clusters resulted in users using this flag for
the same purpose.
While it works for certain scenarios like updating
a static Pod for this control-plane only, it can result in
unexpected behavior if the user has for example fed a node name
different than the host name, when originally they created this node.
kubeadm 1.16 introduced the "kustomize" feature that
is a potential replacement for this user demand.
Add warning that this flag should not be used.
GetAttributes is called repeatedly while setting the fsGroup of a
volume. Previously, it recalculated whether SELinux was supported during
each call. This resulted in volume.SetVolumeOwnership taking a long
time, delaying pod startup for high file count volumes.
This change checks the SELinux status once, right after node publish,
allowing GetAttributes to simply build and return a struct.
Signed-off-by: John Strunk <jstrunk@redhat.com>
The `TooLong` validation message mentioned characters, but the `len`
function actually measures bytes, no characters. This switches it over
to use bytes.
Characters are mostly an illusory concept anyway -- a vain attempt to
shield our minds against the lovecraftian nightmares that comes from
attemping to truly comprehend that eldritch treatise known as the
Unicode standard. Which is to say: measuring things in characters is
hard and mostly ambiguous, and probably not what we meant to do.
