Commit Graph

129141 Commits

Author SHA1 Message Date
Dan Winship
90c8f9aef1 Don't write out dummy zone hints in clusters with no zones
If you set `trafficDistribution: PreferClose` on a service in a
cluster with no defined zones, then it would add

  hints:
    forZones:
    - name: ""

to each endpoint. This ended up working anyway since kube-proxy would
likewise end up looking for an endpoint for the "" zone, but it's
unnecessary, since you'd get exactly the same behavior by just leaving
all of the endpoints unhinted. (Of course there's no point in using
PreferClose traffic distribution in this case, but this will make
PreferSameNode cleaner.)
2025-03-19 08:39:13 -04:00
Dan Winship
413af836b3 Minor updates to traffic distribution unit tests
Merge TestReconcileHints_trafficDistribution_is_PreferClose and
TestReconcileHints_trafficDistribution_is_nil_or_empty together.
Change the `trafficDistribution: ""` test to `trafficDistribution:
Unknown`, since `""` is not actually a possible value (but we should
still test that unknown values are ignored, to prevent weird skew
bugs).

Fill in the NodeName field in the endpoints. It's not needed yet but
it will be.
2025-03-19 08:39:13 -04:00
Dan Winship
af3584778e update generate docs for PreferSameTrafficDistribution 2025-03-19 08:39:13 -04:00
Dan Winship
4435ead24a Add PreferSameTrafficDistribution feature gate and associated API. 2025-03-19 08:39:13 -04:00
Dan Winship
6ca82f9c16 Update the use of sets in EndpointSlice validation
Don't use sets for validating port name and zone hint uniqueness,
since constructing a new set each time is likely to be less efficient
than just doing a linear search.

Keep the sets for supportedAddressTypes and supportedPortProtocols
(since they're only constructed once) but switch to the generic set
API.
2025-03-19 08:39:13 -04:00
Marek Siarkowicz
929a9c0cad Extend shouldDelegateList testing incorportating state of cacher 2025-03-19 12:40:33 +01:00
Kubernetes Prow Robot
73f54b67b2
Merge pull request #130816 from macsko/move_scheduler_perf_topology_spreading_tests_to_separate_package
Move scheduler_perf topology spreading tests to a separate package
2025-03-19 02:00:37 -07:00
Akihiro Suda
09fdae408f
pkg/kubelet/userns: add idsPerPod tests
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-03-19 17:26:11 +09:00
Akihiro Suda
1592bfa4a8
kubelet: config: add userNamespaces.idsPerPod
IDsPerPod is the mapping length of subids for UserNS.
The length must be multiple of 65536.
Default: 65536

Implements kubernetes/enhancements PR 5020 (addendum to KEP-127)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-03-19 17:26:11 +09:00
Patrick Ohly
9f161590be metrics testing: add type aliases to avoid direct prometheus imports
In tests it is sometimes unavoidable to use the Prometheus types directly,
for example when writing a custom gatherer which needs to normalize data
before testing it. device_taint_eviction_test.go does this to strip
out unpredictable data in a histogram.

With type aliases in a package that is explicitly meant for tests we
can avoid adding exceptions for such tests to the global exception list.
2025-03-19 09:18:38 +01:00
Patrick Ohly
37b47f4724 DRA helper: support dropped fields and TimeAdded defaults
Both the new DeviceTaint.TimeAdded and dropped fields when
the DRADeviceTaints feature is disabled confused the ResourceSlice
controller because what is stored and sent back can be different
from what the controller wants to store.

It's now more lenient regarding TimeAdded (doesn't need to be exact because of
rounding during serialization, only having a value on the server is okay)
and dropped fields (doesn't try to store them again). It also preserves
a server-side TimeAdded when updating slices.
2025-03-19 09:18:38 +01:00
Patrick Ohly
2499663b84 DRA E2E: tests for device taints 2025-03-19 09:18:38 +01:00
Jon Huhn
5760a4f282 DRA scheduler: device taints and tolerations
Thanks to the tracker, the plugin sees all taints directly in the device
definition and can compare it against the tolerations of a request while
trying to find a device for the request.

When the feature is turnedd off, taints are ignored during scheduling.
2025-03-19 09:18:38 +01:00
Patrick Ohly
a027b439e5 DRA: add device taint eviction controller
The controller is derived from the node taint eviction controller.
In contrast to that controller it tracks the UID of pods to prevent
deleting the wrong pod when it got replaced.
2025-03-19 09:18:38 +01:00
Keita Mochizuki
07a275437f
kubectl debug: Display a warning message that the debug container's capabilities may not work with a non-root user (#127696)
* Add warning message about capabilities of debug container

* fix1

* fix2

* fix3
2025-03-19 00:50:30 -07:00
Rita Zhang
0301e5a9f8
DRA: AdminAccess validate based on namespace label
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-03-18 22:56:54 -07:00
Kubernetes Prow Robot
3a14b619d5
Merge pull request #130910 from googs1025/fix/datarace
flake: fix data race for func TestBackoff_Step
2025-03-18 22:49:55 -07:00
Kubernetes Prow Robot
a6227695ab
Merge pull request #128402 from richabanker/mvp-agg-discovery
KEP 4020: Replace StorageVersionAPI with aggregated discovery to fetch served resources by a peer apiserver
2025-03-18 21:43:49 -07:00
Kubernetes Prow Robot
4dfed146e0
Merge pull request #130891 from pohly/dra-scheduler-plugin-unit-test-fix
DRA scheduler: fix potential panic during unit test verification
2025-03-18 20:34:16 -07:00
Kubernetes Prow Robot
9f8a84930d
Merge pull request #130573 from natasha41575/pod-conditions
[FG:PodObservedGenerationTracking] kubelet sets observedGeneration on pod conditions
2025-03-18 20:34:08 -07:00
Kubernetes Prow Robot
f287bc21b7
Merge pull request #130115 from danmillwood/danmillwood-dispatcher-test-patch
Fix intermittent failure in TestDispatcher test
2025-03-18 20:34:01 -07:00
Kubernetes Prow Robot
3b6596d1e0
Merge pull request #130020 from mozillazg/patch-3
test: fix a typo
2025-03-18 20:33:49 -07:00
googs1025
2f1f19a992 flake: fix data race for func TestBackoff_Step 2025-03-19 10:48:58 +08:00
Kubernetes Prow Robot
32b1819423
Merge pull request #130906 from serathius/streaming-validation
Update kube-openapi and integrate streaming tags validation
2025-03-18 18:46:00 -07:00
Kubernetes Prow Robot
7fb8bd8aca
Merge pull request #130905 from tallclair/ippr-beta
[FG:InPlacePodVerticalScaling] Graduate to Beta
2025-03-18 18:45:54 -07:00
Kubernetes Prow Robot
83f8513db8
Merge pull request #130550 from sanposhiho/async-preemption-beta
feat: graduate the async preemption feature to beta
2025-03-18 17:17:54 -07:00
Kubernetes Prow Robot
6a968c5789
Merge pull request #130904 from serathius/watchcache-corrupt
In TestListCorruptObject corrupt the object in etcd instead of changing encryption key
2025-03-18 16:09:55 -07:00
Marek Siarkowicz
75a4d136ab Update kube-openapi and integrate streaming tags validation 2025-03-18 23:52:55 +01:00
Tim Allclair
cd1a5c6d5c Fix Kubelet unit tests 2025-03-18 15:51:09 -07:00
Kubernetes Prow Robot
94d66387d0
Merge pull request #130553 from Phaow/vac-e2e
Add protection finalizer to vac when it is created
2025-03-18 14:59:54 -07:00
Kubernetes Prow Robot
0f7ab496c1
Merge pull request #130901 from deads2k/perms
add API approvers to generated applyconfigurations
2025-03-18 13:52:12 -07:00
Kubernetes Prow Robot
fe60c4316e
Merge pull request #130514 from xigang/daemonset
Add workqueue for node updates in DaemonSetController
2025-03-18 13:52:04 -07:00
Kubernetes Prow Robot
64621d17a6
Merge pull request #129832 from pohly/dra-seamless-upgrade
DRA: seamless driver upgrades
2025-03-18 13:51:51 -07:00
Marek Siarkowicz
506e4fed14 In TestListCorruptObject corrupt the object in etcd instead of changing encryption key
Changing the encryption key doesn't work with watch cache as it doesn't
break decoding newly written objects. A new object will be written using
a new key, and decoded using a new key.
2025-03-18 21:49:17 +01:00
Dawei Wei
413e867f53 [KEP-5100] WinDSR to Beta 2025-03-18 13:46:45 -07:00
Richa Banker
8b2cee83c1 Replace StorageVersion API with aggregated discovery to fetch served resources by a peer for MVP
Co-authored-by: Joe Betz <jpbetz@google.com>

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2025-03-18 13:27:27 -07:00
Marek Siarkowicz
c09d87f79c Implement watchcache returning error from etcd that caused cache reinitialization 2025-03-18 21:20:11 +01:00
Patrick Ohly
13d04d4a92 DRA device taints: copy taintseviction controller
This is a verbatim copy of the current pkg/controller/taintseviction code,
revision fc268ecd09 (v1.33.0 plus one commit),
minus the TimedWorker helper.

The intent is to modify the code such that it enforces eviction of pods which
use tainted devices.
2025-03-18 20:52:54 +01:00
Patrick Ohly
6478ca5859 ktesting: fix per-test logging in TContext.Run and WithTB
WithTB was originally defined as "uses the existing logger". But what we want
there and in the newer TContext.Run is the usual per-test logging, now for the
sub-test.
2025-03-18 20:52:54 +01:00
Jon Huhn
939c9c0c6b DRA: add ResourceSlice tracker
The purpose of the tracker is to emulate a ResourceSlice informer, including
cache and event handlers. In contrast to that informer, the tracker adds taints
from a DeviceTaint such that they appear in the ResourceSlice device
definition. Code using the tracker doesn't need to care where the taints are
coming from.

The main advantage is that it enables fine-grained reactions to taints that
only affect a few devices, the common case. Without this tracker, the pod
eviction controller would have to sync all pods when any slice or any taint
change.

In the scheduler it avoids re-evaluating the selection criteria repeatedly.
The tracker serves as a cross-pod-scheduling cache.
2025-03-18 20:52:54 +01:00
Patrick Ohly
99dbd85c45 DRA: generated files for device taints API 2025-03-18 20:52:54 +01:00
Patrick Ohly
797475e113 DRA: add device taints API
This adds the "DeviceTaint" top-level type to v1alpha3 and related fields to
ResourceSlice and ResourceClaim. It's complete enough bring up an API server
and generate files.
2025-03-18 20:52:54 +01:00
Patrick Ohly
7fb028a433 DRA: add DRADeviceTaints feature 2025-03-18 20:52:54 +01:00
Kubernetes Prow Robot
fe27448ee4
Merge pull request #130833 from rzlink/master
Add Unit Tests for Windows DSR and Overlay Support
2025-03-18 12:45:56 -07:00
Eddie Torres
c766a52356
Implement KEP 4876 Mutable CSINode (#130007)
* Implement KEP-4876 Mutable CSINode Allocatable Count

Signed-off-by: torredil <torredil@amazon.com>

* Update TestGetNodeAllocatableUpdatePeriod

Signed-off-by: torredil <torredil@amazon.com>

* Implement CSINodeUpdater

Signed-off-by: torredil <torredil@amazon.com>

* Use sync.Once in csiNodeUpdater

Signed-off-by: torredil <torredil@amazon.com>

* ImVerify driver is installed before running periodic updates

Signed-off-by: torredil <torredil@amazon.com>

* Update NodeAllocatableUpdatePeriodSeconds type comment

Signed-off-by: torredil <torredil@amazon.com>

* Leverage apivalidation.ValidateImmutableField in ValidateCSINodeUpdate

Signed-off-by: torredil <torredil@amazon.com>

* Update strategy functions

Signed-off-by: torredil <torredil@amazon.com>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <torredil@amazon.com>

* Update VolumeError.ErrorCode field

Signed-off-by: torredil <torredil@amazon.com>

* CSINodeUpdater improvements

Signed-off-by: torredil <torredil@amazon.com>

* Iron out concurrency in syncDriverUpdater

Signed-off-by: torredil <torredil@amazon.com>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <torredil@amazon.com>

* Revise logging

Signed-off-by: torredil <torredil@amazon.com>

* Revise log in VerifyExhaustedResource

Signed-off-by: torredil <torredil@amazon.com>

* Update API validation

Signed-off-by: torredil <torredil@amazon.com>

* Add more code coverage

Signed-off-by: torredil <torredil@amazon.com>

* Fix pull-kubernetes-linter-hints

Signed-off-by: torredil <torredil@amazon.com>

* Update API types documentation

Signed-off-by: torredil <torredil@amazon.com>

* Update strategy and validation for new errorCode field

Signed-off-by: torredil <torredil@amazon.com>

* Update validation tests after strategy changes

Signed-off-by: torredil <torredil@amazon.com>

* Update VA status strategy

Signed-off-by: torredil <torredil@amazon.com>

---------

Signed-off-by: torredil <torredil@amazon.com>
2025-03-18 12:45:49 -07:00
Tim Allclair
9be73c0d67 Graduate InPlacePodVerticalScaling to beta 2025-03-18 12:26:42 -07:00
Kubernetes Prow Robot
55573a0739
Merge pull request #130823 from torredil/update-storage-csi-test-manifests
Update hostpathplugin image to v1.16.1
2025-03-18 11:28:01 -07:00
Kubernetes Prow Robot
b658aa1e79
Merge pull request #130796 from ndixita/pod-level-resources-ippr
Replace PodResourceAllocation with PodResourceInfoMap type and cleanup
2025-03-18 11:27:49 -07:00
David Eads
691398c856 add API approvers to generated applyconfigurations
API approvers review new fields and need permissions to approve the
files generated from those new fields
2025-03-18 13:29:10 -04:00
xigang
aa32537e9a Add workqueue for node updates in DaemonSetController
Signed-off-by: xigang <wangxigang2014@gmail.com>
2025-03-19 01:09:44 +08:00