github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 10:43:56 +00:00
Code Issues Projects Releases Wiki Activity
121,841 Commits 42 Branches 7,905 Tags 1.3 GiB
2010ca8c5a
Commit Graph

121841 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
2010ca8c5a
Merge pull request #123849 from AkihiroSuda/fix-123848 
e2e_node: mount_rro: skip if feature gate is disabled; fix error string comparison
 2024-03-11 08:51:34 -07:00
Kubernetes Prow Robot
b3926d137c
Merge pull request #123831 from klueska/fix-unprepare-resources 
Add StructuredResourceModel to UnprepareResources call
 2024-03-11 03:25:14 -07:00
Kubernetes Prow Robot
05ccec23aa
Merge pull request #123856 from aramase/aramase/t/reload_int_test_fix 
fix test flake in TestStructuredAuthenticationConfigReload
 2024-03-11 02:22:32 -07:00
Anish Ramasekar
51c26b7002
fix test flake in TestStructuredAuthenticationConfigReload 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-10 22:36:26 -07:00
Akihiro Suda
ea14ccdf13
e2e_node: mount_rro: fix error string comparison 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-11 11:50:25 +09:00
Akihiro Suda
5cc1e56248
e2e_node: mount_rro: add SkipUnlessFeatureGateEnabled(RecursiveReadOnlyMounts) 
Fix issue 123848

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-11 11:50:25 +09:00
Kubernetes Prow Robot
ebc1a7b7fb
Merge pull request #123847 from wangzhen127/update-npd-configure 
Support fetching NPD from github releases in standalone mode
 2024-03-10 19:23:49 -07:00
Kubernetes Prow Robot
611dbaa055
Merge pull request #122790 from carlory/fix-121696 
Fix flaky test: Test_Run_OneVolumeDetachFailNodeWithReadWriteOnce
 2024-03-10 19:23:40 -07:00
Kubernetes Prow Robot
1f22594c9a
Merge pull request #123742 from thockin/cleanup_underscore_tmp 
Cleanup _tmp usage
 2024-03-10 17:53:44 -07:00
Kubernetes Prow Robot
52e857756b
Merge pull request #123846 from carlory/fix-update-go-workspace 
Fix the dirname command in macOS does not have a -z option
 2024-03-10 16:11:40 -07:00
Zhen Wang
3ce6c104e2 Support fetching NPD from github releases in standalone mode 
We stop releasing NPD tar files to gs://kubernetes-release. This PR
changes it to pull from github release notes by default. It still
supports overriding the defaults and pulling from a GCS bucket,
which is used by NPD CI tests.
 2024-03-10 21:49:29 +00:00
carlory
56da06b6dd Fix the dirname command in macOS does not have a -z option 2024-03-10 23:44:10 +08:00
Kubernetes Prow Robot
8f80e01467
Merge pull request #123719 from enj/enj/f/authn_config_beta 
Mark StructuredAuthenticationConfiguration feature gate as beta
 2024-03-09 17:09:56 -08:00
Kubernetes Prow Robot
09093f270a
Merge pull request #123793 from aramase/aramase/f/authn_config_reload_metrics 
Add metrics for authentication config reload
 2024-03-09 15:58:55 -08:00
Anish Ramasekar
62ac88b9ea
Add metrics for authentication config reload 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2024-03-09 14:40:22 -08:00
Kubernetes Prow Robot
77ecfb7800
Merge pull request #123525 from enj/enj/f/authn_config_reload 
Add dynamic reload support for authentication configuration
 2024-03-09 14:13:37 -08:00
Monis Khan
b4935d910d
Add dynamic reload support for authentication configuration 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-09 14:29:33 -05:00
Kubernetes Prow Robot
eafd2897e2
Merge pull request #123180 from AkihiroSuda/rro 
KEP-3857: Recursive Read-only (RRO) mounts
 2024-03-09 11:01:50 -08:00
Kevin Klues
13a6dcc21c dra kubelet: add StructuredResourceModel to UnprepareResources call 
Signed-off-by: Kevin Klues <kklues@nvidia.com>
 2024-03-09 18:08:14 +00:00
Akihiro Suda
d4925ce8f8
e2e: KEP-3857: Recursive Read-only (RRO) mounts 
Usage:
```
make test-e2e-node \
  TEST_ARGS='--service-feature-gates=RecursiveReadOnlyMounts=true --kubelet-flags="--feature-gates=RecursiveReadOnlyMounts=true"' \
  FOCUS="Mount recursive read-only" SKIP=""
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
c7f52b34f3
kubelet: KEP-3857: Recursive Read-only (RRO) mounts 
See <https://kep.k8s.io/3857>.

An example manifest:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: rro
spec:
  volumes:
    - name: mnt
      hostPath:
        # tmpfs is mounted on /mnt/tmpfs
        path: /mnt
  containers:
    - name: busybox
      image: busybox
      args: ["sleep", "infinity"]
      volumeMounts:
        # /mnt-rro/tmpfs is not writable
        - name: mnt
          mountPath: /mnt-rro
          readOnly: true
          mountPropagation: None
          recursiveReadOnly: IfPossible
        # /mnt-ro/tmpfs is writable
        - name: mnt
          mountPath: /mnt-ro
          readOnly: true
        # /mnt-rw/tmpfs is writable
        - name: mnt
          mountPath: /mnt-rw
```

Requirements:
- Feature gate "RecursiveReadOnlyMounts" to be enabled
- Linux kernel >= 5.12
- runc >= 1.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
6f12e1d8e5
kubelet: expose containerStatuses.volumeMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
dd0882a83e
kubelet: expose node.status.runtimeClasses 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 03:00:59 +09:00
Akihiro Suda
8db07446f1
api: validate RecursiveReadOnlyMounts 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-10 02:59:30 +09:00
Akihiro Suda
8828530fd5
node: dropDisabledFields: recognize RecursiveReadOnlyMounts gate 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:13 +09:00
Akihiro Suda
ce1918875f
pod: dropDisabledFields: recognize RecursiveReadOnlyMounts 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:12 +09:00
Akihiro Suda
d940886d0a
api: KEP-3857: Recursive Read-only (RRO) mounts 
This commit modifies the following files:

- pkg/apis/core/types.go
- staging/src/k8s.io/api/core/v1/types.go

Other changes were auto-generated by running `make update`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:12 +09:00
Akihiro Suda
0b1a507b00
pkg/features: add RecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:10 +09:00
Akihiro Suda
76081a10c2
kubelet: RuntimeHandler: add SupportsRecursiveReadOnlyMounts 
For KEP-3857: Recursive Read-only (RRO) mounts

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:09 +09:00
Akihiro Suda
27f24a62e3
kubelet: change map[string]RuntimeHandler to []RuntimeHandler 
The map is changed to an array so as to retain the order of the original array
propagated from the CRI runtime.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-09 09:48:07 +09:00
Kubernetes Prow Robot
d3d06c3c7e
Merge pull request #123826 from tenzen-y/use-fake-client-job-unit 
Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers
 2024-03-08 15:11:13 -08:00
Kubernetes Prow Robot
28c4d00c7d
Merge pull request #123344 from nilekhc/svm-controller 
[Storage Version Migration] feat: implements Storage Version Migration
 2024-03-08 13:45:16 -08:00
Yuki Iwai
f2508df279 Job: Use the fake clock in TestTrackJobStatusAndRemoveFinalizers 
Signed-off-by: Yuki Iwai <yuki.iwai.tz@gmail.com>
 2024-03-09 06:09:05 +09:00
Kubernetes Prow Robot
9a160fa780
Merge pull request #123737 from enj/enj/i/cel_email_verified 
Require email_verified to be used when email is set as username via CEL
 2024-03-08 11:25:37 -08:00
Nilekh Chaudhari
9161302e7f
feat: implements svm controller 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2024-03-08 19:25:10 +00:00
Monis Khan
121607e809
Require email_verified to be used when email is set as username via CEL 
Signed-off-by: Monis Khan <mok@microsoft.com>
 2024-03-08 12:59:05 -05:00
Kubernetes Prow Robot
e0a142dc5c
Merge pull request #123815 from mimowo/job-managed-by-test2 
Follow up fix to the job status update test
 2024-03-08 08:00:35 -08:00
Kubernetes Prow Robot
5639f8f848
Merge pull request #123723 from mimowo/job-managed-by-impl-test 
Integration test for change in syncOrphanPod for managedBy jobs
 2024-03-08 06:35:36 -08:00
Kubernetes Prow Robot
74b2f4d976
Merge pull request #123821 from dims/check-taints-as-well-for-control-plane 
Check taints as well for control-plane
 2024-03-08 05:32:32 -08:00
Davanum Srinivas
ee64b30d05
Check taints as well for control-plane 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-03-08 07:17:21 -05:00
Michal Wozniak
acf6b500ee Follow up fix to the job status update test 2024-03-08 07:33:10 +01:00
Nilekh Chaudhari
91a7708cdc
feat: implements Storage Version Migration API in-tree 
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
 2024-03-08 04:18:56 +00:00
Kubernetes Prow Robot
7ea3d0245a
Merge pull request #123516 from pohly/dra-structured-parameters 
DRA: structured parameters
 2024-03-07 19:24:48 -08:00
Kubernetes Prow Robot
5ec8dc8c6f
Merge pull request #123803 from dims/revert-portion-of-the-gpu-test-case 
Revert portion of the GPU testcase
 2024-03-07 18:21:15 -08:00
Kubernetes Prow Robot
9ad2aabc64
Merge pull request #123520 from haircommander/proc-mount-rely-userns-2 
KEP-4265: Update Unmasked ProcMountType to fail validation without a pod level user namespace
 2024-03-07 18:21:08 -08:00
Kubernetes Prow Robot
b1741c004b
Merge pull request #123811 from tallclair/apparmor-ga 
Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated
 2024-03-07 16:18:44 -08:00
Tim Allclair
04ac13b6b7 Keep providing the deprecated AppArmor CRI API for runtimes that haven't migrated 2024-03-07 15:00:07 -08:00
Kubernetes Prow Robot
364ef335db
Merge pull request #123412 from tenzen-y/add-new-jobsuccesspolicy-api 
Job: Support for the SuccessPolicy
 2024-03-07 14:49:20 -08:00
Patrick Ohly
6a361e1f36 dra api: enable new CEL features by faking their version 
There are two approaches for making new versioned CEL features available in the
release where they get introduced:
- Always use the environment for "StoredExpressions".
- Use an older version (typically 1.0) and only bump it up later.

The second approach was used before, so this is now also done here.
 2024-03-07 22:26:20 +01:00
Patrick Ohly
7f5566ac6f dra e2e: enable more tests for usage with structured parameters 
This finishes the shuffling around of test scenarios so that all of them which
make sense with structured parameters are also executed with those.
 2024-03-07 22:26:20 +01:00