Commit Graph

122625 Commits

Author SHA1 Message Date
Anish Ramasekar
51c26b7002
fix test flake in TestStructuredAuthenticationConfigReload
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-10 22:36:26 -07:00
xin.li
a4fe397ebd
kubeadm: increase ut coverage for config/upgradeconfiguration
Signed-off-by: xin.li <xin.li@daocloud.io>
2024-03-11 13:27:24 +08:00
Akihiro Suda
ea14ccdf13
e2e_node: mount_rro: fix error string comparison
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-11 11:50:25 +09:00
Akihiro Suda
5cc1e56248
e2e_node: mount_rro: add SkipUnlessFeatureGateEnabled(RecursiveReadOnlyMounts)
Fix issue 123848

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-11 11:50:25 +09:00
Kubernetes Prow Robot
ebc1a7b7fb
Merge pull request #123847 from wangzhen127/update-npd-configure
Support fetching NPD from github releases in standalone mode
2024-03-10 19:23:49 -07:00
Kubernetes Prow Robot
611dbaa055
Merge pull request #122790 from carlory/fix-121696
Fix flaky test: Test_Run_OneVolumeDetachFailNodeWithReadWriteOnce
2024-03-10 19:23:40 -07:00
Kubernetes Prow Robot
1f22594c9a
Merge pull request #123742 from thockin/cleanup_underscore_tmp
Cleanup _tmp usage
2024-03-10 17:53:44 -07:00
Kubernetes Prow Robot
52e857756b
Merge pull request #123846 from carlory/fix-update-go-workspace
Fix the dirname command in macOS does not have a -z option
2024-03-10 16:11:40 -07:00
Zhen Wang
3ce6c104e2
Support fetching NPD from github releases in standalone mode
We stop releasing NPD tar files to gs://kubernetes-release. This PR
changes it to pull from github release notes by default. It still
supports overriding the defaults and pulling from a GCS bucket,
which is used by NPD CI tests.
2024-03-10 21:49:29 +00:00
carlory
56da06b6dd
Fix the dirname command in macOS does not have a -z option
2024-03-10 23:44:10 +08:00
Kubernetes Prow Robot
8f80e01467
Merge pull request #123719 from enj/enj/f/authn_config_beta
Mark StructuredAuthenticationConfiguration feature gate as beta
2024-03-09 17:09:56 -08:00
Kubernetes Prow Robot
09093f270a
Merge pull request #123793 from aramase/aramase/f/authn_config_reload_metrics
Add metrics for authentication config reload
2024-03-09 15:58:55 -08:00
Anish Ramasekar
62ac88b9ea
Add metrics for authentication config reload
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-09 14:40:22 -08:00
Kubernetes Prow Robot
77ecfb7800
Merge pull request #123525 from enj/enj/f/authn_config_reload
Add dynamic reload support for authentication configuration
2024-03-09 14:13:37 -08:00
Monis Khan
b4935d910d
Add dynamic reload support for authentication configuration
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-03-09 14:29:33 -05:00
Kubernetes Prow Robot
eafd2897e2
Merge pull request #123180 from AkihiroSuda/rro
KEP-3857: Recursive Read-only (RRO) mounts
2024-03-09 11:01:50 -08:00
Kevin Klues
13a6dcc21c
dra kubelet: add StructuredResourceModel to UnprepareResources call
Signed-off-by: Kevin Klues <kklues@nvidia.com>
2024-03-09 18:08:14 +00:00
Akihiro Suda
d4925ce8f8
e2e: KEP-3857: Recursive Read-only (RRO) mounts
Usage:
```
make test-e2e-node \
  TEST_ARGS='--service-feature-gates=RecursiveReadOnlyMounts=true --kubelet-flags="--feature-gates=RecursiveReadOnlyMounts=true"' \
  FOCUS="Mount recursive read-only" SKIP=""
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
Akihiro Suda
c7f52b34f3
kubelet: KEP-3857: Recursive Read-only (RRO) mounts
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
Akihiro Suda
6f12e1d8e5
kubelet: expose containerStatuses.volumeMounts
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
Akihiro Suda
dd0882a83e
kubelet: expose node.status.runtimeClasses
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 03:00:59 +09:00
Akihiro Suda
8db07446f1
api: validate RecursiveReadOnlyMounts
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-10 02:59:30 +09:00
Alvaro Aleman
b2eb6e7d03
Nodelifecycle: Emit event when deletion failed
The nodelifecycle controller emits an event before it deletes a node.
Failures doing so for example due to a webhook are pretty hidden though,
as they are only logged in the controller-manager.

This change makes us emit an event for failing to delete a node
including the error as well.
2024-03-09 11:51:36 -05:00
Akihiro Suda
8828530fd5
node: dropDisabledFields: recognize RecursiveReadOnlyMounts gate
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:13 +09:00
Akihiro Suda
ce1918875f
pod: dropDisabledFields: recognize RecursiveReadOnlyMounts
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:12 +09:00
Akihiro Suda
d940886d0a
api: KEP-3857: Recursive Read-only (RRO) mounts
This commit modifies the following files:

- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go

Other changes were auto-generated by running `make update`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:12 +09:00
Akihiro Suda
0b1a507b00
pkg/features: add RecursiveReadOnlyMounts
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:10 +09:00
Akihiro Suda
76081a10c2
kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:09 +09:00
Akihiro Suda
27f24a62e3
kubelet: change map[string]RuntimeHandler to []RuntimeHandler
The map is changed to an array so as to retain the order of the original array
propagated from the CRI runtime.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-03-09 09:48:07 +09:00
Kubernetes Prow Robot
d3d06c3c7e
Merge pull request #123826 from tenzen-y/use-fake-client-job-unit
Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers
2024-03-08 15:11:13 -08:00
Kubernetes Prow Robot
28c4d00c7d
Merge pull request #123344 from nilekhc/svm-controller
[Storage Version Migration] feat: implements Storage Version Migration
2024-03-08 13:45:16 -08:00
Yuki Iwai
f2508df279
Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
2024-03-09 06:09:05 +09:00
Kubernetes Prow Robot
9a160fa780
Merge pull request #123737 from enj/enj/i/cel_email_verified
Require email_verified to be used when email is set as username via CEL
2024-03-08 11:25:37 -08:00
Nilekh Chaudhari
9161302e7f
feat: implements svm controller
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2024-03-08 19:25:10 +00:00
Monis Khan
121607e809
Require email_verified to be used when email is set as username via CEL
Signed-off-by: Monis Khan <mok@microsoft.com>
2024-03-08 12:59:05 -05:00
Michal Wozniak
79fe37537c
Adjust the validation to the current state
2024-03-08 17:43:24 +01:00
Michal Wozniak
1163c7ed9c
Adjust the API comments to the current state
2024-03-08 17:29:49 +01:00
Kubernetes Prow Robot
e0a142dc5c
Merge pull request #123815 from mimowo/job-managed-by-test2
Follow up fix to the job status update test
2024-03-08 08:00:35 -08:00
Kubernetes Prow Robot
5639f8f848
Merge pull request #123723 from mimowo/job-managed-by-impl-test
Integration test for change in syncOrphanPod for managedBy jobs
2024-03-08 06:35:36 -08:00
Joel Speed
793ac57e5a
Fix field path on CustomResource status update validations
2024-03-08 18:00:05 +04:00
Kubernetes Prow Robot
74b2f4d976
Merge pull request #123821 from dims/check-taints-as-well-for-control-plane
Check taints as well for control-plane
2024-03-08 05:32:32 -08:00
Davanum Srinivas
ee64b30d05
Check taints as well for control-plane
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-03-08 07:17:21 -05:00
Michal Wozniak
acf6b500ee
Follow up fix to the job status update test
2024-03-08 07:33:10 +01:00
Nilekh Chaudhari
91a7708cdc
feat: implements Storage Version Migration API in-tree
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2024-03-08 04:18:56 +00:00
Kubernetes Prow Robot
7ea3d0245a
Merge pull request #123516 from pohly/dra-structured-parameters
DRA: structured parameters
2024-03-07 19:24:48 -08:00
Kubernetes Prow Robot
5ec8dc8c6f
Merge pull request #123803 from dims/revert-portion-of-the-gpu-test-case
Revert portion of the GPU testcase
2024-03-07 18:21:15 -08:00
Kubernetes Prow Robot
9ad2aabc64
Merge pull request #123520 from haircommander/proc-mount-rely-userns-2
KEP-4265: Update Unmasked ProcMountType to fail validation without a pod level user namespace
2024-03-07 18:21:08 -08:00
Kubernetes Prow Robot
b1741c004b
Merge pull request #123811 from tallclair/apparmor-ga
Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated
2024-03-07 16:18:44 -08:00
Tim Allclair
04ac13b6b7
Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated
2024-03-07 15:00:07 -08:00
Kubernetes Prow Robot
364ef335db
Merge pull request #123412 from tenzen-y/add-new-jobsuccesspolicy-api
Job: Support for the SuccessPolicy
2024-03-07 14:49:20 -08:00