Commit Graph

109660 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
08752b29e3
Merge pull request #110586 from tsisodia10/spell-check-docs
Fix grammar in K8s OpenAPI spec doc
2022-07-27 11:34:40 -07:00
Kubernetes Prow Robot
c27e82604e
Merge pull request #109217 from manugupt1/improve-mount-detection
Improved mount detection using openat2 for kernel 5.10+
2022-07-27 11:34:28 -07:00
Kubernetes Prow Robot
e092b6d27b
Merge pull request #111442 from ialidzhikov/k8s-utils@56c0de1e6f
Update `k8s.io/utils` to `9bab9ef40391`
2022-07-27 10:02:39 -07:00
Kubernetes Prow Robot
ec905a4611
Merge pull request #105919 from ravisantoshgudimetla/ps-restricted-updates
PodSecurity: OS based updates to restricted standard
2022-07-27 10:02:28 -07:00
David Eads
184356ae92 allow namespace admins to use leases to encourage migration off of configmaps 2022-07-27 12:58:34 -04:00
Brian Pursley
e88470c31f Change kubectl diff to exclude managedFields by default
Changes kubectl diff to exclude managedFields by default.
Adds a new --show-managed-fields flag that allows you to
include managed fields in the diff.
2022-07-27 12:53:32 -04:00
Kubernetes Prow Robot
610b7839a0
Merge pull request #111399 from Argh4k/i-111290
Modify timeout for etcd healthcheck
2022-07-27 07:36:28 -07:00
Kubernetes Prow Robot
ce336550f1
Merge pull request #111444 from wojtek-t/prevent_leaking_goroutines
Prevent from future leaks of goroutines in integration tests
2022-07-27 06:31:52 -07:00
Kubernetes Prow Robot
015fb765b8
Merge pull request #111415 from logicalhan/extended-stability
Add support for summary metrics for stablity checks
2022-07-27 06:31:41 -07:00
Kubernetes Prow Robot
9ad4c5c0a0
Merge pull request #110670 from gnufied/fix-pod-deletion-terminating
Fix pod stuck in termination state when mount fails or gets skipped after kubelet restart
2022-07-27 06:31:29 -07:00
Maciej Wyrzuc
b42045a64f Add additional etcd check to readyz with 2 seconds timeout. 2022-07-27 12:23:02 +00:00
Kubernetes Prow Robot
ce433f87b4
Merge pull request #110266 from danwinship/minimize-prep-reorg
iptables proxy reorg in preparation for minimizing iptables-restore
2022-07-27 04:06:30 -07:00
Xuzheng Chang
ffe4ae23f3 fix ambiguous comments of priorityClass update validation 2022-07-27 15:30:47 +08:00
Nic Cope
c5957c284e Use SHA256 sums to verify discovery cache integrity
This is a little more computationally expensive but reduces the
likelihood of a potentially malicious cache collision.

Signed-off-by: Nic Cope <nicc@rk0n.org>
2022-07-27 00:13:30 -07:00
Nic Cope
288a17fd33 Use sha256 to sanitize discovery HTTP cache keys
This helps avoid (potentially malicious) collisions when reading and
writing cache data.

Signed-off-by: Nic Cope <nicc@rk0n.org>
2022-07-27 00:13:30 -07:00
Nic Cope
7a2c6a432f Use checksums instead of fsyncs to manage discovery cache corruption
Part of the API discovery cache uses an HTTP RoundTripper that
transparently caches responses to disk. The upstream implementation of
the disk cache is hard coded to call Sync() on every file it writes.
This has noticably poor performance on modern Macs, which ask their disk
controllers to flush all the way to persistant storage because Go uses
the `F_FULLFSYNC` fnctl. Apple recommends minimizing this behaviour in
order to avoid degrading performance and increasing disk wear.

The content of the discovery cache is not critical; it is indeed just a
cache and can be recreated by hitting the API servers' discovery
endpoints. This commit replaces upstream httpcache's diskcache
implementation with a similar implementation that can use CRC-32
checksums to detect corrupted cache entries at read-time. When such an
entry is detected (e.g. because it was only partially flushed to
permanent storage before the host lost power) the cache will report a
miss. This causes httpcache to fall back to its underlying HTTP
transport (i.e. the real API server) and re-cache the resulting value.

Apart from adding CRC-32 checksums and avoiding calling fsync this
implementation differs from upstream httpcache's diskcache package in
that it uses FNV-32a hashes rather than MD5 hashes of cache keys in
order to generate filenames.

Signed-off-by: Nic Cope <nicc@rk0n.org>
2022-07-27 00:13:30 -07:00
Nic Cope
eace469065 Add a benchmark for the discovery cache RoundTripper
This benchmark is intended to demonstrate a performance improvement
gained by removing fsyncs. Refer to the below issue for more detail.

https://github.com/kubernetes/kubernetes/issues/110753

Signed-off-by: Nic Cope <nicc@rk0n.org>
2022-07-27 00:13:30 -07:00
Dave Chen
819c12276b kubeadm: move getClientSet to cmd utils
`getClientSet` is used by both cmd `token` and `reset`, move this
method to cmd utils to decouple it from one specific cmd.

Signed-off-by: Dave Chen <dave.chen@arm.com>
2022-07-27 15:13:09 +08:00
HaoJie Liu
2247217c0e cleanup: fix some error log capitalization
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>
2022-07-27 15:07:03 +08:00
Manu Gupta
44bea35804 Return unwrapped ErrNotExist when EvalSymlink returns PathError
By default filepath.EvalSymlink returns PathError. When a file is
not found, we should unwrap it and return ErrNotExist as this
is what this function expects.

Similar to the comment at:
https://github.com/kubernetes/kubernetes/pull/109217#discussion_r896272206
2022-07-26 23:24:23 -07:00
Manu Gupta
08ef11029f Fix type in mount_windows.go 2022-07-26 23:24:23 -07:00
Manu Gupta
5a6cccc556 Use faster mountdetections using openat2 for IsNotMountPoint
Reimplement IsNotMountpoint as IsMountPoint and return appropriate
error when a mount point is not detected.

IsMountPoint depends on MountedFast function in moby/sys/mountinfo
that uses openat2 call in kernel versions5.10 to detect
mount points without falling back to /proc/mounts.

Mark IsNotMountPoint as deprecated in order to ask the users to
use IsMountPoint directly.
2022-07-26 23:24:20 -07:00
ialidzhikov
168fef6845 Update k8s.io/utils to 9bab9ef40391 2022-07-27 08:46:35 +03:00
Kermit Alexander
bb6cbadb2f Add examples of matchExpressions validations. 2022-07-27 04:47:44 +00:00
HaoJie Liu
7125a5f011 cleanup: omit redundant arguments in make call
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>
2022-07-27 11:17:50 +08:00
Ernest Wong
6fcc671b9d
chore: move chewong to emeritus_approvers
Signed-off-by: Ernest Wong <ernwong@amazon.com>
2022-07-27 03:08:28 +00:00
zhoumingcheng
9b6f880dbc add unit test for pkg/kubelet/types/ func GetPodStartTime()
Signed-off-by: zhoumingcheng <zhoumingcheng@beyondcent.com>
2022-07-27 09:26:56 +08:00
Ravi Gudimetla
96950f5f79 Update test fixtures 2022-07-26 19:47:11 -04:00
Han Kang
c38746c353 add test for fake objectives
Change-Id: Ib0bfdf1299cd74490474f92c41d93090809f41c4
2022-07-26 15:31:25 -07:00
Han Kang
cefa194998 Update test/instrumentation/error.go
Co-authored-by: Damien Grisonnet <damien.grisonnet@epita.fr>
2022-07-26 15:31:25 -07:00
Han Kang
e452850ec3 Add support for summary metrics for stablity checks
Also add entrypoints for verifying and updating a test file for easier
debugging. This is considerably faster than running the stablity checks
against the entire Kubernetes codebase.

Change-Id: I5d5e5b3abf396ebf1317a44130f20771a09afb7f
2022-07-26 15:31:25 -07:00
Kubernetes Prow Robot
3ffdfbe286
Merge pull request #111254 from dims/update-to-golang-1.19-rc2
[golang] Update to 1.19rc2 (from 1.18.3)
2022-07-26 14:25:09 -07:00
Kubernetes Prow Robot
631a5a849a
Merge pull request #109778 from mythi/grpc-go-update
grpc: move to use grpc.WithTransportCredentials()
2022-07-26 12:45:09 -07:00
Kubernetes Prow Robot
5ac563c507
Merge pull request #109141 from ulucinar/bump-discovery-burst
Bump default burst limit for discovery client to 300
2022-07-26 11:35:21 -07:00
Kubernetes Prow Robot
8bc12f24e6
Merge pull request #106388 from alexzielenski/ssa-ignore-nonsemantic-changes
Ignore non-semantic changes to objects
2022-07-26 11:35:10 -07:00
Wojciech Tyczyński
ef607d131f Prevent from future leaks of goroutines in integration tests 2022-07-26 20:08:09 +02:00
Alexander Zielenski
a51d4c1fee
update conformance
x-preserve-unknown-fields becomes x-kubernetes-preserve-unknown-fields
2022-07-26 11:05:46 -07:00
Davanum Srinivas
a9593d634c
Generate and format files
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Davanum Srinivas
4784b58e17
golang: Update to 1.19rc2 from 1.18.3
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Davanum Srinivas
6c0a434db0
Try disabling logcheck for golang 1.19rc2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:05 -04:00
Davanum Srinivas
1f557035e0
Adjust for os/exec changes in 1.19
https://tip.golang.org/doc/go1.19#os-exec-path

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:04 -04:00
Davanum Srinivas
ea7dff551f
fix patch_test for gofmt issue
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:04 -04:00
Davanum Srinivas
27dc8a9b63
Fix quotes that trip up gofmt
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-07-26 13:14:04 -04:00
Alexander Zielenski
59629acf47
correct OpenAPI extension in error message
when attemping to use preserveUnknownFields the error message leads you astray
2022-07-26 09:43:09 -07:00
Kubernetes Prow Robot
96a32be18d
Merge pull request #111394 from SataQiu/cleanup-20220725
kubeadm: prefer to use pkg/errors package and cleanup fmt.Errorf
2022-07-26 09:11:09 -07:00
Claudiu Belu
f567b85cc4 kubelet: Fixes plugin Watcher for Windows
Currently, the plugin Watcher checks if a file is a socket or not by
running mode&os.ModeSocket != 0, which can't be True on Windows.

util.IsUnixDomainSocket should be used instead.
2022-07-26 18:45:10 +03:00
Kubernetes Prow Robot
9525206bcb
Merge pull request #111306 from stlaz/restricted_scheduling_test
Make scheduling e2e tests run PSa-restricted pods
2022-07-26 08:01:21 -07:00
Kubernetes Prow Robot
d5f12ed7d8
Merge pull request #108108 from thaJeztah/switch_golang_protobuf_extensions
vendor: downgrade github.com/matttproud/golang_protobuf_extensions to v1.0.1
2022-07-26 08:01:09 -07:00
Kubernetes Prow Robot
7a8f8a3209
Merge pull request #111437 from wojtek-t/fix_leaking_goroutines_14
Clean shutdown of cloud controllers in integration tests
2022-07-26 06:43:10 -07:00
ravisantoshgudimetla
b3a2e6a3f4 [podsecurity] OS based updates to restricted standard 2022-07-26 09:05:13 -04:00