Commit Graph

107235 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
c227403973
Merge pull request #108568 from stevekuznetsov/skuznets/verbose-error
kubelet: cgroups: be verbose about validation
2022-03-10 11:59:07 -08:00
Kubernetes Prow Robot
3c10cc815f
Merge pull request #108638 from stevekuznetsov/skuznets/stop-parsing-rv-e2e
e2e: do not parse resourceVersion
2022-03-10 10:47:21 -08:00
Steve Kuznetsov
305652a432
conformance: do not parse resourceVersion
This test wishes to observe a watch event. In order to do this in the
past, the test chose a well-known `Service` object, fetched it, and did
arithmetic on the returned `resourceVersion` in order to start a watch
that was guaranteed to see an event. It is not valid to parse the
`resourceVersion` as an integer or to do arithmetic on it, so in order
to make the test conformant to an appropriate use of the API it now:

 - creates a namespace
 - fetches the current `resourceVersion`
 - creates an object
 - watches from the previous `resourceVersion` that was read

This ensures that an event is seen by the watch, but uses the publically
supported API.

`ConfigMap`s are used instead of `Service`s as they do not require a
valid `spec` for creation and make the test terser.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2022-03-10 09:46:04 -08:00
Lubomir I. Ivanov
76e8a067d1 kubeadm: fix bad indentation in the API go docs
For the YAML examples, make the indentation consistent
by starting with a space and following with a TAB.
Also adjust the indentation of some fields to place them under
the right YAML field parent - e.g. ignorePreflightErrors
is under nodeRegistration.
2022-03-10 18:36:13 +02:00
Claudiu Belu
720ffb826a tests: Updates the should delete a collection of pods test
We should wait for all 3 pods after we've spawned them, instead of
spawning and waiting for them sequentially.
2022-03-10 08:32:50 -08:00
Steve Kuznetsov
8f2bc39f72
kubelet: cgroups: be verbose about validation
Previously, callers of `Exists()` would not know why the cGroup was or
was not existing. In one call-site in particular, the `kubelet` would
entirely fail to start if the cGroup validation did not succeed. In
these cases we MUST explain what went wrong and pass that information
clearly to the caller. Previously, some but not all of the reasons for
invalidation were logged at a low log-level instead. This led to poor
UX.

The original method was retained on the interface so as to make this
diff small.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2022-03-10 07:25:33 -08:00
Hemant Kumar
7fe33bfb7c Remove needless checks for nodestage during expansion 2022-03-10 09:55:06 -05:00
Kubernetes Prow Robot
e9af399147
Merge pull request #108631 from jupblb/b223652793
Remove apf_fd from httplog
2022-03-10 05:49:35 -08:00
jupblb
94c92f78e5
Remove apf_fd from httplog
Since flowDistinguisher may hold data identifying a user accessing the
cluster this can be a source of a PII leak.
2022-03-10 12:59:00 +01:00
Kubernetes Prow Robot
9e5efebb4c
Merge pull request #108563 from ipochi/imran/update-e2e-lock-contention-test-to-remove-restart-kubelet
Remove the restart kubelet check from the test.
2022-03-09 21:49:35 -08:00
Kubernetes Prow Robot
fabfb03bd2
Merge pull request #108618 from eddiezane/ez/fix-flake-107702
Add env var to verify-typecheck for serial execution
2022-03-09 20:01:47 -08:00
Kubernetes Prow Robot
b90bddfd9f
Merge pull request #108204 from kevindelgado/field-validation-crd-unit-tests
Field validation CRD benchmarks and decoder unit tests
2022-03-09 20:01:35 -08:00
Kubernetes Prow Robot
1a54b398f4
Merge pull request #108603 from chendave/binary
Switch to use the DBG flag to build debug binaries
2022-03-09 18:57:34 -08:00
Paco Xu
f2930ec98b revert change in imports: ide auto-change to make import-boss verify green 2022-03-10 10:20:59 +08:00
Lee Verberne
90956e6d3e
Print kubectl debug messages received when starting a container (#108591)
* kubectl debug: print container messages

This provides feedback to the user, for example that the server is
unable to pull the debug container image.

* Label debug container updates as warnings

Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>

Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>
2022-03-09 17:51:35 -08:00
Kevin Delgado
bc68466b34 add tests for field validation verifier 2022-03-10 01:25:36 +00:00
Kevin Delgado
d6c83281bc Generalize dry run verify to arbitrary query param 2022-03-10 01:25:36 +00:00
Eddie Zaneski
50bdc98754
Add env to verify-typecheck for serial execution
Signed-off-by: Eddie Zaneski <eddiezane@gmail.com>
2022-03-09 18:21:27 -07:00
Kubernetes Prow Robot
4763d75290
Merge pull request #108598 from chendave/remove_testcases
Remove the legacy Nginx testcases
2022-03-09 13:56:12 -08:00
Hemant Kumar
e24219d27b Remove support for previously deprecated nodeExpand call
between staging and publish
2022-03-09 14:50:18 -05:00
Kubernetes Prow Robot
c571ebed14
Merge pull request #108418 from humblec/add-expansion-secret-validation
csi: add validation of secretRef format for CSI PV update functions
2022-03-09 10:34:12 -08:00
Humble Chirammal
f2473781a3 csi: add validation of secretRef format in CSI spec for PV update
at present the spec.csi.secretRef name has to be DNS1035 label
format and it should fail if we use DNSSubdomain secretRef in
the secretReference field of CSI spec. The newly added test cases
validate this behaviour in validation tests for controllerPublish,
nodePublish and nodeStage secretRef formats.

Additionally csiExpansionEnabled struct field also removed from
the validation function.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-03-09 23:01:00 +05:30
sanposhiho
3b13e9445a Add MinDomains API to TopologySpreadConstraints field 2022-03-09 20:57:12 +09:00
Kubernetes Prow Robot
a41f9e976d
Merge pull request #108107 from aojea/kubelet_http2_heartbeat
kubelet apiserver: be gentle closing connections on heartbeat failures
2022-03-09 01:32:12 -08:00
Kubernetes Prow Robot
9946b5364e
Merge pull request #108252 from wojtek-t/avoid_object_deep_copies
Avoid deep-copying object when possible on kube-apiserver watch path
2022-03-09 00:26:12 -08:00
Dave Chen
ace64c0138 Switch to use the DBG flag to build debug binaries
With the merging of #108371, the old way to build the debug binaries
won't work anymore.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2022-03-09 14:57:59 +08:00
Kubernetes Prow Robot
bbc2dbb980
Merge pull request #108000 from RomanBednar/af-namespace-fix
AzureFile: Volume without secretNamespace fails to mount after translating to CSI
2022-03-08 22:00:21 -08:00
Kubernetes Prow Robot
98ada45442
Merge pull request #108402 from Shoothzj/fix-typo-in-watch_based_manager_test
Fix typo in watch_based_manager_test
2022-03-08 20:04:21 -08:00
Dave Chen
09e47291c7 Rename variable error to err
`error` is the keywork in golang

Signed-off-by: Dave Chen <dave.chen@arm.com>
2022-03-09 10:39:34 +08:00
Dave Chen
85dfca3e16 Remove the legacy Nginx testcases
Those testcases does't work anymore after nginx-ingress controller
has been upgraded to v1.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2022-03-09 10:38:07 +08:00
Paco Xu
b03e27af1b migrate dockerhub image to k8s.gcr.io e2e test image 2022-03-09 09:54:11 +08:00
Kir Kolyshkin
de5a69d847 pkg/kubelet/cm: fix potential nil dereference in enforceExistingCgroup
Move the rl == nil check to before we dereference it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 17:05:46 -08:00
Kir Kolyshkin
9652d0cedc pkg/kubelet/cm: move common code to libctCgroupConfig
Instead of doing (almost) the same thing from the three different
methods (Create, Update, Destroy), move the functionality to
libctCgroupConfig, replacing updateSystemdCgroupInfo.

The needResources bool is needed because we do not need resources
during Destroy, so we skip the unneeded resource conversion.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 17:05:46 -08:00
Kir Kolyshkin
11b0d57c93 pkg/kubelet/cm/cgroup_manager: simplify setting hugetlb
Commit 79be8be10e made hugetlb settings optional if cgroup v2 is used and
hugetlb is not available, fixing issue 92933. Note at that time this was only
needed for v2, because for v1 the resources were set one-by-one, and only for
supported resources.

Commit d312ef7eb6 switched the code to using Set from runc/libcontainer
cgroups manager, and expanded the check to cgroup v1 as well.

Move this check earlier, to inside m.toResources, so instead of
converting all hugetlb resources from ResourceConfig to libcontainers's
Resources.HugetlbLimit, and then setting it to nil, we can skip the
conversion entirely if hugetlb is not supported, thus not doing the work
that is not needed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 17:05:46 -08:00
Kir Kolyshkin
59148e22d0 pkg/kubelet/cm: rm dup code
Commit ecd6361f added setting PidsLimit to Create and Update.

Commit bce9d5f2 added setting PidsLimit to m.toResources.

Now, PidsLimit is assigned twice.

Remove the duplicate.

Fixes: bce9d5f2
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 17:05:46 -08:00
Kir Kolyshkin
a673b64864 kubelet/cm: speed up cgroup creation
There's no need to call m.Update (which will create another instance of
libcontainer cgroup manager, convert all the resources and then set
them). All this is already done here, except for Set().

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-08 17:05:46 -08:00
Kubernetes Prow Robot
f10cd679eb
Merge pull request #108557 from ruquanzhao/Remove_generic_scheduler.go
Remove generic_scheduler.go and generic_scheduler_test.go
2022-03-08 13:02:20 -08:00
Kubernetes Prow Robot
19935de5a9
Merge pull request #107410 from margocrawf/master
Ensure static certs in kubeconfig override exec plugin
2022-03-08 11:34:21 -08:00
Kubernetes Prow Robot
29ed12e76b
Merge pull request #108527 from ddebroy/instrumentedgc1
Pass instrumented runtime service to containerGC
2022-03-08 10:24:49 -08:00
Kubernetes Prow Robot
c964ef8d8a
Merge pull request #108576 from jpbetz/cel-0_10_0
Bump to CEL v0.10.0 and update tests and usage
2022-03-08 07:06:33 -08:00
Deep Debroy
023d6fb8f4 Pass instrumented runtime service to containergc
Signed-off-by: Deep Debroy <ddebroy@gmail.com>
2022-03-08 14:33:37 +00:00
Bartłomiej Wróblewski
b2e2fb8d89 Make daemon.NodeShouldRunDaemonPod function public 2022-03-08 11:32:17 +00:00
Kubernetes Prow Robot
1976240861
Merge pull request #108092 from carlory/fix-98035
remove audit.k8s.io/v1[alpha|beta]1 versions
2022-03-08 01:02:33 -08:00
Arda Güçlü
5fdf97ad8e Remove DiscoveryClient from diff command
This PR removes `DiscoveryClient` field in diff command. Because
it is not used anywhere in diff command.
2022-03-08 09:59:49 +03:00
carlory
fcc282f9f2 remove audit.k8s.io/v1[alpha|beta]1 versions 2022-03-08 14:37:26 +08:00
Joe Betz
dd00a432b5 Add tests demonstrating numeric comparisons and int-or-string behavior 2022-03-07 22:59:43 -05:00
Kubernetes Prow Robot
34a6a7ca11
Merge pull request #108316 from hyschumi/fix_unnecessary_handlecrash
endpointslice: remove unnecessary HandleCrash
2022-03-07 18:20:34 -08:00
Joe Betz
2a6b85c395 Bump cel-go to v0.10.0 2022-03-07 20:47:04 -05:00
Margo Crawford
f015fd66ce Check whether static cert is already configured in UpdateTransportConfig
- Also update test-cmd.sh to pass a signing ca to the kube controller
  manager, so CSRs work properly in integration tests.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-07 13:54:32 -08:00
Kubernetes Prow Robot
f93be6584e
Merge pull request #108426 from deads2k/e2e-check
add resource enablement check for e2e tests of beta APIs
2022-03-07 11:34:26 -08:00