github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity
109,778 Commits 42 Branches 7,905 Tags 1.3 GiB
138e80819e
Commit Graph

109778 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rodrigo Campos
138e80819e kubelet: set user namespace options 
Set the user namespace options to use for the pod.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
67b38ffe6e kubelet: propagate errors from namespacesForPod 
it is a preparatory change for the next commit.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
695b30e91c volume: use GetHostIDsForPod() 
This commit only changes the UID/GID if user namespaces is enabled. When
it is enabled, it changes it so the hostUID and hostGID that are mapped
to the currently used UID/GID. This is needed so volumes are created
with the hostUID/hostGID and the user inside the container can read
them.

If user namespaces are disabled for this pod, this is a no-op: there is
no user namespace mapping, so the hostUID/hostGID are the same as inside
the container.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
d07c2688fe kubelet: add GetHostIDsForPod() 
In future commits we will need this to set the user/group of supported
volumes of KEP 127 - Phase 1.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
9b2fc639a0 kubelet: add GetUserNamespaceMappings to RuntimeHelper 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
63462285d5 kubelet: add userns manager 
it is used to allocate and keep track of the unique users ranges
assigned to each pod that runs in a user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Rodrigo Campos
cf8164bccf apis: add validation for HostUsers 
This commit just adds a validation according to KEP-127. We check that
only the supported volumes for phase 1 of the KEP are accepted.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-03 19:53:22 +02:00
Giuseppe Scrivano
482e76dc2c features: add UserNamespacesSupport feature 
define a feature gate for the user namespaces support.  The feature is
not enabled by default.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-03 13:18:11 +02:00
Giuseppe Scrivano
9e9b23fd3c
pkg/apis, staging: add HostUsers to pod spec 
It is used to request that a pod runs in a unique user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-08-02 23:47:58 +02:00
Giuseppe Scrivano
eee5fa8b8d
volume: use the effective uid 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-08-02 23:47:58 +02:00
Kubernetes Prow Robot
8f3b2813dc
Merge pull request #111642 from harche/evented_pleg_cri_changes 
Update CRI API to support Evented PLEG
 2022-08-02 13:59:16 -07:00
Kubernetes Prow Robot
1de16be28f
Merge pull request #111462 from jprzychodzen/controllers 
Enable 'running_managed_controllers' for KCM/CCM controllers: routes, services and cloud-node
 2022-08-02 13:59:09 -07:00
Kubernetes Prow Robot
369a465fae
Merge pull request #111301 from mattcary/migration-feature 
Upgrade CSIMigrationGCE feature gate to GA
 2022-08-02 13:58:57 -07:00
Kubernetes Prow Robot
9fb1f67af7
Merge pull request #111278 from arpitsardhana/master 
KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node
 2022-08-02 13:58:45 -07:00
Kubernetes Prow Robot
448e48b8a6
Merge pull request #111633 from pohly/ginkgo-no-color 
ginkgo: disable color escape sequences by default when not connected to a terminal
 2022-08-02 12:48:25 -07:00
Kubernetes Prow Robot
22eab136f6
Merge pull request #111557 from alexzielenski/update-smd-422 
update smd to 4.2.3
 2022-08-02 12:48:17 -07:00
Kubernetes Prow Robot
96439a0c3c
Merge pull request #111547 from kerthcet/feat/mark-cc-v1beta2-deprecated 
Deprecate kubescheduler ComponentConfig v1beta2
 2022-08-02 12:48:06 -07:00
Kubernetes Prow Robot
d4c7542878
Merge pull request #111522 from ii/promote-namespace-status-test 
Promote NamespaceStatus endpoints test +3 Endpoints
 2022-08-02 12:47:54 -07:00
Kubernetes Prow Robot
bc4c4930ff
Merge pull request #111475 from alculquicondor/clear_pod_disruption 
Add worker to clean up stale DisruptionTarget condition
 2022-08-02 11:38:18 -07:00
Kubernetes Prow Robot
d40bc18461
Merge pull request #105126 from sallyom/tracing-kubelet 
kubelet tracing instrumentation
 2022-08-02 11:38:06 -07:00
Kubernetes Prow Robot
c20ab84692
Merge pull request #104386 from shawnhanx/ut_2 
Add unit tests for registry/admissionregistration/validatingwebhookconfiguration
 2022-08-02 11:37:54 -07:00
Harshal Patil
668b2440c5 Update CRI API to support Evented PLEG 
Signed-off-by: Harshal Patil <harpatil@redhat.com>
 2022-08-03 00:01:13 +05:30
Arpit Singh
d92fd8392d Adding unit test for align-by-socket policy option 
Also addressed MR comments as part of same commit.
 2022-08-02 11:02:07 -07:00
Arpit Singh
06f347f645 Adding validity checks for topology manager align-by-socket 2022-08-02 11:02:07 -07:00
Arpit Singh
35849bf7fb KEP-3327: Add CPUManager policy option to align CPUs by Socket instead of by NUMA node 2022-08-02 11:02:07 -07:00
Kubernetes Prow Robot
51ea7b2169
Merge pull request #111523 from wongma7/e2epvcns 
Fix missing format string PVC namespace
 2022-08-02 10:23:56 -07:00
Kubernetes Prow Robot
9ef16e7908
Merge pull request #108554 from pacoxu/bad-input-1 
add deprecated warning for node beta labels in pv/sc/rc/csi storage capacity
 2022-08-02 10:23:44 -07:00
Alexander Zielenski
e77ed0bc2e
update smd to 4.2.3 2022-08-02 10:07:50 -07:00
Kubernetes Prow Robot
70dcb0f129
Merge pull request #111618 from Jiawei0227/flocker 
cleanup: Remove flocker volume plugins from k8s codebase
 2022-08-02 09:16:16 -07:00
Kubernetes Prow Robot
c718f64b3f
Merge pull request #111507 from mborsz/compr 
Add flag to disable compression for local traffic
 2022-08-02 09:16:08 -07:00
Kubernetes Prow Robot
c396744a6a
Merge pull request #110688 from jsafrane/test-iscsi 
Fix iSCSI over ipv6
 2022-08-02 09:15:56 -07:00
Kubernetes Prow Robot
3051cb2ba1
Merge pull request #108624 from ialidzhikov/cleanup/service-account-api-audiences 
apiserver: Remove the deprecated `--service-account-api-audiences` flag
 2022-08-02 09:15:44 -07:00
Matthew Cary
e5d387c5d6 Upgrade CSIMigrationGCE feature gate to GA 
Change-Id: I620bc4913765c0d6562eb1008216a72e8b0a2970
 2022-08-02 09:14:27 -07:00
Aldo Culquicondor
4188d9b646 Add worker to clean up stale DisruptionTarget condition 
Change-Id: I907fbdf01e7ff08d823fb23aa168ff271d8ff1ee
 2022-08-02 11:25:01 -04:00
Aldo Culquicondor
dad8454ebb Add clock interface to disruption controller 
To be able to write more precise unit tests in the future

Change-Id: I8f45947dfacca501acd856849bd978fad0f735cd
 2022-08-02 11:17:29 -04:00
Kubernetes Prow Robot
0d46dc1f46
Merge pull request #111619 from Jiawei0227/quobyte 
cleanup: Remove quobyte volume plugins from k8s codebase
 2022-08-02 08:09:57 -07:00
Kubernetes Prow Robot
fa202f1483
Merge pull request #110959 from mimowo/retriable-pod-failures-pod-conditions 
Append new pod conditions when deleting pods to indicate the reason for pod deletion
 2022-08-02 08:09:45 -07:00
kerthcet
c8fbd78c16 Deprecate kubescheduler ComponentConfig v1beta2 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2022-08-02 22:11:11 +08:00
Maciej Borsz
023583a155 Add an option to conditionally disable compression based on client ip. 2022-08-02 13:59:20 +00:00
Kubernetes Prow Robot
7bcd739851
Merge pull request #111623 from muyangren2/addtest_flags 
add test for GetNodeNameAndHostname
 2022-08-02 05:31:45 -07:00
Patrick Ohly
9ff8bdbd25 ginkgo: disable color escape sequences by default when not connected to a terminal 
This applies to all jobs using hack/ginkgo-e2e.sh. This is done because
Spyglass does not render the escape sequences, making test output harder to
read.

It is done here because then we don't need to set GINKGO_NO_COLOR in all the
different Prow job configs.
 2022-08-02 14:19:10 +02:00
Michal Wozniak
04fcbd721c Introduction of a pod condition type indicating disruption. Its reason field indicates the reason: 
- PreemptionByKubeScheduler (Pod preempted by kube-scheduler)
- DeletionByTaintManager (Pod deleted by taint manager due to NoExecute taint)
- EvictionByEvictionAPI (Pod evicted by Eviction API)
- DeletionByPodGC (an orphaned Pod deleted by PodGC)PreemptedByScheduler (Pod preempted by kube-scheduler)
 2022-08-02 11:12:16 +02:00
Kubernetes Prow Robot
719f3cf8da
Merge pull request #111555 from tallclair/pod-e2e-retry 
Minor fixes to e2epod wait logic
 2022-08-02 02:09:45 -07:00
Kubernetes Prow Robot
6ce72e1198
Merge pull request #111628 from thockin/master 
Remove some unused functions
 2022-08-02 01:00:29 -07:00
Jakub Przychodzeń
08749750a9 Enable 'running_managed_controllers' for few more controllers 2022-08-02 07:33:32 +00:00
Tim Hockin
0e1c15e099 Remove some unused functions 2022-08-01 23:52:46 -07:00
Kubernetes Prow Robot
ea21947641
Merge pull request #111426 from ping035627/k8s-220726 
Update design-proposals URL
 2022-08-01 23:50:30 -07:00
muyangren2
fc976d9f89 add test for GetNodeNameAndHostname 2022-08-02 11:03:21 +08:00
Kubernetes Prow Robot
cdc60112a6
Merge pull request #111119 from aramase/aes-gcm-part-2 
feat:(kms) encrypt data with DEK using AES-GCM instead of AES-CBC
 2022-08-01 19:22:28 -07:00
PingWang
473be65a3c Update design-proposals URL 
Signed-off-by: PingWang <wang.ping5@zte.com.cn>

update url

Signed-off-by: PingWang <wang.ping5@zte.com.cn>
 2022-08-02 09:13:38 +08:00