github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 04:06:03 +00:00
Code Issues Projects Releases Wiki Activity
103,680 Commits 42 Branches 7,905 Tags 1.3 GiB
636c769fb8
Commit Graph

103680 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jordan Liggitt
636c769fb8 PodSecurity: preconstruct reused values 
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          370           228           -38.49%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   408           241           -40.86%
BenchmarkVerifyPod/enforce-privileged_pod-12                        420           242           -42.27%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 426           256           -39.84%
BenchmarkVerifyPod/enforce-baseline_pod-12                          4259          3006          -29.42%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   341           266           -22.12%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3322          3282          -1.20%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 327           260           -20.59%
BenchmarkVerifyPod/warn-baseline_pod-12                             2964          3020          +1.89%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3069          3127          +1.89%
BenchmarkVerifyPod/warn-restricted_pod-12                           3223          3330          +3.32%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3443          3533          +2.61%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5193          5405          +4.08%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4295          4358          +1.47%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4363          4513          +3.44%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4482          4588          +2.37%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2              1              -50.00%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2              1              -50.00%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2              1              -50.00%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2              1              -50.00%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          208           112           -46.15%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_pod-12                        208           112           -46.15%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   208           112           -46.15%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 208           112           -46.15%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
 2021-09-21 16:20:11 -04:00
Jordan Liggitt
d5589ba65f PodSecurity: optimize evaluation of fully-privileged namespaces 
benchmark                                                           old ns/op     new ns/op     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2658          370           -86.07%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2462          408           -83.42%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2346          420           -82.11%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2318          426           -81.64%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3606          4259          +18.11%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2032          341           -83.22%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3522          3322          -5.68%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 1893          327           -82.70%
BenchmarkVerifyPod/warn-baseline_pod-12                             3076          2964          -3.64%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3111          3069          -1.35%
BenchmarkVerifyPod/warn-restricted_pod-12                           3155          3223          +2.16%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3235          3443          +6.43%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5148          5193          +0.87%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4147          4295          +3.57%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4286          4363          +1.80%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4447          4482          +0.79%

benchmark                                                           old allocs     new allocs     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          12             2              -83.33%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-privileged_pod-12                        12             2              -83.33%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/enforce-baseline_pod-12                          17             17             +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   14             2              -85.71%
BenchmarkVerifyPod/enforce-restricted_pod-12                        17             17             +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 14             2              -85.71%
BenchmarkVerifyPod/warn-baseline_pod-12                             17             17             +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      19             19             +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           17             17             +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    19             19             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               27             27             +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        24             24             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            22             22             +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     24             24             +0.00%

benchmark                                                           old bytes     new bytes     delta
BenchmarkVerifyPod/enforce-implicit_pod-12                          2120          208           -90.19%
BenchmarkVerifyPod/enforce-implicit_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-privileged_pod-12                        2120          208           -90.19%
BenchmarkVerifyPod/enforce-privileged_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/enforce-baseline_pod-12                          3368          3368          +0.00%
BenchmarkVerifyPod/enforce-baseline_deployment-12                   2304          208           -90.97%
BenchmarkVerifyPod/enforce-restricted_pod-12                        3368          3368          +0.00%
BenchmarkVerifyPod/enforce-restricted_deployment-12                 2304          208           -90.97%
BenchmarkVerifyPod/warn-baseline_pod-12                             3368          3368          +0.00%
BenchmarkVerifyPod/warn-baseline_deployment-12                      3552          3552          +0.00%
BenchmarkVerifyPod/warn-restricted_pod-12                           3368          3368          +0.00%
BenchmarkVerifyPod/warn-restricted_deployment-12                    3552          3552          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12               5864          5864          +0.00%
BenchmarkVerifyPod/enforce-warn-audit-baseline_deployment-12        4800          4800          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12            4616          4616          +0.00%
BenchmarkVerifyPod/warn-baseline-audit-restricted_deployment-12     4800          4800          +0.00%
 2021-09-21 16:20:11 -04:00
Jordan Liggitt
13e0887c4c PodSecurity: add admission benchmark 
go test ./plugin/pkg/admission/security/podsecurity -bench /pod -benchmem
goos: darwin
goarch: amd64
pkg: k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity
cpu: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
BenchmarkVerifyPod/enforce-implicit_pod-12         	  702789	      1585 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-privileged_pod-12       	  737588	      1607 ns/op	    2120 B/op	      12 allocs/op
BenchmarkVerifyPod/enforce-baseline_pod-12         	  409818	      2974 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-restricted_pod-12       	  370262	      3385 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-baseline_pod-12            	  391808	      3101 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/warn-restricted_pod-12          	  349411	      3452 ns/op	    3368 B/op	      17 allocs/op
BenchmarkVerifyPod/enforce-warn-audit-baseline_pod-12         	  208221	      5735 ns/op	    5864 B/op	      27 allocs/op
BenchmarkVerifyPod/warn-baseline-audit-restricted_pod-12      	  249662	      4849 ns/op	    4616 B/op	      22 allocs/op
PASS
ok  	k8s.io/kubernetes/plugin/pkg/admission/security/podsecurity	10.707s
 2021-09-21 16:20:11 -04:00
Kubernetes Prow Robot
d5f39ebe4d
Merge pull request #105064 from knight42/refactor-switch-to-stdlib-cipher 
refactor: switch to tls cipher suite in stdlib
 2021-09-21 11:56:42 -07:00
Kubernetes Prow Robot
7c71e06cd1
Merge pull request #104959 from calvin0327/issue-test-dataRace 
fix the test issue of node shutdown manager
 2021-09-21 11:56:30 -07:00
Kubernetes Prow Robot
44d4d007bf
Merge pull request #103424 from 249043822/br-cadvisor-perf 
Optimize kubelet stats provider for perfomace bottleneck
 2021-09-21 11:56:18 -07:00
Kubernetes Prow Robot
40c9203472
Merge pull request #105171 from liggitt/gomodule-staticcheck 
Make staticcheck package-compatible
 2021-09-21 10:34:23 -07:00
Jordan Liggitt
00622da45e Make staticcheck package-compatible 2021-09-21 12:19:57 -04:00
Kubernetes Prow Robot
bf77f8ff43
Merge pull request #105162 from MadhavJivrajani/migrate-clock-pkg 
migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock
 2021-09-21 08:44:24 -07:00
Kubernetes Prow Robot
9ff99adc60
Merge pull request #104167 from ialidzhikov/cleanup/boundserviceaccounttokenvolume 
Remove the BoundServiceAccountTokenVolume feature gate
 2021-09-21 07:18:23 -07:00
Kubernetes Prow Robot
68d646a101
Merge pull request #105085 from MikeSpreitzer/fix-queueset-tests 
Update TestNoRestraint and TestWindup
 2021-09-21 03:48:23 -07:00
Madhav Jivrajani
fed2ec99c6 migrate k8s.io/apimachinery/util/clock -> k8s.io/utils/clock 
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-09-21 15:54:44 +05:30
ialidzhikov
d6f4c03e4b Remove the BoundServiceAccountTokenVolume feature gate 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2021-09-21 11:53:51 +03:00
Mike Spreitzer
0ee1a7b4ff More test tweaks 
Canonicalize listing of test cases.

Make TestNoRestraint try both cases: competition and none.
 2021-09-21 03:06:38 -04:00
Kubernetes Prow Robot
6c45f6e32b
Merge pull request #105125 from BinacsLee/binacs-fix-scheQ-caculate-overflow 
Scheduler: fix calculateBackoffDuration overflow in extreme data cases
 2021-09-20 21:26:23 -07:00
BinacsLee
f277864aa5 Scheduler queue: fix calculateBackoffDuration overflow in extreme data cases 2021-09-21 09:42:52 +08:00
Kubernetes Prow Robot
c4587a62f9
Merge pull request #105143 from aojea/netexec_optional_listen 
agnhost: allow to disable udp listener on netexec
 2021-09-20 16:10:22 -07:00
Kubernetes Prow Robot
dde200478a
Merge pull request #105145 from aojea/fix_host_internal 
avoid hostNetwork pods conflict binding UDP ports
 2021-09-20 15:02:45 -07:00
Kubernetes Prow Robot
acbeaf8b8e
Merge pull request #104944 from jyz0309/migrate-log 
Migrate `cmd/proxy/{config, healthcheck, winkernel}` to structured logging
 2021-09-20 15:02:37 -07:00
Kubernetes Prow Robot
775c9314ad
Merge pull request #104578 from MadhavJivrajani/refactor-rate-limiters 
Move client-go/tools/record tests away from `IntervalClock` to `SimpleIntervalClock`
 2021-09-20 15:02:24 -07:00
Pritish Samal
060f5b88d0
Migrate pkg/proxy/util to structured logging (#104908) 
* Migrate to Structured Logs in `pkg/proxy/util`

* Minor fixes

* change key to cidr and remove namespace arg

* Update key from cidr to CIDR

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key cidr to CIDR

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key ip to IP

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key ip to IP

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Interchange svcNamespace and svcName

* Change first letter of all messages to capital

* Change key names in endpoints.go

* Change all keynames to lower bumby caps convention

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>
 2021-09-20 13:54:35 -07:00
Kubernetes Prow Robot
b34a735bbe
Merge pull request #102523 from stlaz/rootca_metrics_cleanup 
rootcacertpublisher: drop the namespace label from metrics to reduce its cardinality
 2021-09-20 13:54:24 -07:00
Kubernetes Prow Robot
353f0a5eab
Merge pull request #105095 from wojtek-t/migrate_clock_3 
Unify towards k8s.io/utils/clock - part 3
 2021-09-20 12:46:45 -07:00
Kubernetes Prow Robot
3e985b7af6
Merge pull request #104916 from pohly/storage-e2e-owners 
e2e storage: update OWNERS
 2021-09-20 12:46:37 -07:00
Kubernetes Prow Robot
06796b7c7c
Merge pull request #104863 from pohly/restore-volume-life-cycle-check 
e2e: restore volume lifecycle check for most tests
 2021-09-20 12:46:24 -07:00
Kubernetes Prow Robot
e8653fe24a
Merge pull request #104163 from ialidzhikov/cleanup/pids-limit 
Remove SupportPodPidsLimit and SupportNodePidsLimit feature gates
 2021-09-20 11:35:09 -07:00
Kubernetes Prow Robot
b92b799881
Merge pull request #102309 from pacoxu/track-unwanted-dependencies-1 
add update-unwanted-dependencies.sh to track unwanted dependencies
 2021-09-20 10:18:10 -07:00
Kubernetes Prow Robot
f55101913f
Merge pull request #105098 from Karthik-K-N/fix-error-format 
Fix incorrect format specifier in test files
 2021-09-20 08:56:09 -07:00
Kubernetes Prow Robot
232bc67b22
Merge pull request #104655 from luyou86/client-go-bucket-rate-limiter-add-maxDelay 
client-go bucket rate limiter add maxDelay
 2021-09-20 07:46:11 -07:00
pacoxu
b99e1e4aa9 use reference as we cannot distinguishing direct/indirect with go mod graph 2021-09-20 22:14:34 +08:00
jyz0309
5d32be4126 fix type check 
Signed-off-by: jyz0309 <45495947@qq.com>
 2021-09-20 19:42:15 +08:00
jyz0309
6344d6b26d rebuild msg and rename namespace 
Signed-off-by: jyz0309 <45495947@qq.com>
 2021-09-20 19:04:21 +08:00
Kubernetes Prow Robot
6e92ee6788
Merge pull request #105106 from MikeSpreitzer/apf-migrate-clock 
Migrate apiserver/pkg/util/flowcontrol to use k8s.io/utils/clock
 2021-09-20 03:52:09 -07:00
Antonio Ojea
b55e6f2cd0 avoid hostNetwork pods conflict binding UDP ports 
The agnhost pods using netexec will bind by default to the UDP
port 8081, use a different port for hostNetwork pods to avoid
scheduling conflicts and fail the tests.
 2021-09-20 09:54:23 +02:00
Antonio Ojea
2bf38ed86b agnhost: allow to disable udp listener on netexec 
There are some tests that doesn't need the UDP listener, so they
can disable it.
This is specially needed for tests that use hostNetwork pods, if 2
pods try to bind to the same port, the test will fail because one
of the pod can't be scheduled because of the port conflict.

To keep backwards compatibility, we can add an option to disable
the UDP listener by setting the port number to -1, that is consistent
with the SCTP implementation.
 2021-09-20 09:44:20 +02:00
Shivanshu Raj Shrivastava
bbd809cbd0
Fixing incorrectly migrated structured logs (#105122) 
* added keys for structured logging

* used KObj
 2021-09-19 12:28:08 -07:00
Kubernetes Prow Robot
a3d62e6925
Merge pull request #105134 from aojea/hack-local-resolv 
local-cluster-up: allow to specify the kubelet resolv.conf
 2021-09-19 07:22:09 -07:00
Antonio Ojea
1846e42f7b alllocal-cluster-up: ow to specify the kubelet resolv.conf 2021-09-19 12:06:52 +02:00
Kubernetes Prow Robot
25c7b6a2c7
Merge pull request #105109 from Huang-Wei/cleanup-dupe-import 
cleanup duplicated import of "k8s.io/apimachinery/pkg/runtime"
 2021-09-18 17:20:07 -07:00
Kubernetes Prow Robot
a73f45dd96
Merge pull request #105031 from howardjohn/q/memory-leak 
workqueue: fix leak in queue preventing objects from being GCed
 2021-09-17 23:42:06 -07:00
Kubernetes Prow Robot
c5fbcd735d
Merge pull request #104939 from z1cheng/fix-conntrack-typo 
Fix error message typo in conntrack
 2021-09-17 19:22:06 -07:00
Kubernetes Prow Robot
0d20f47c7a
Merge pull request #105090 from saad-ali/removeSubpathFeaturegate 
Remove VolumeSubpath feature gate
 2021-09-17 15:52:07 -07:00
Wei Huang
a55af2d35a
cleanup duplicated import of "k8s.io/apimachinery/pkg/runtime" 2021-09-17 14:13:15 -07:00
Kubernetes Prow Robot
35ae8c9fe4
Merge pull request #105080 from smira/client-error-wrapping 
fix: wrap errors correct when validating kubeconfig
 2021-09-17 12:55:03 -07:00
Mike Spreitzer
9f45c0f8c0 Migrate apiserver/pkg/util/flowcontrol to use k8s.io/utils/clock 
.. instead of apimachinery/pkt/util/clock
 2021-09-17 15:36:14 -04:00
Kubernetes Prow Robot
e196508884
Merge pull request #105056 from Huang-Wei/fail-fast-int-test 
Provide a timeout function to fail quick on blocking operations
 2021-09-17 11:49:05 -07:00
Wei Huang
d7bf9d724f
Provide a timeout function to fail quick on blocking operations 
It works like the Linux `timeout` utility.
 2021-09-17 10:23:06 -07:00
Madhav Jivrajani
ac5c55f0bd Refactor client-go/util/flowcontrol/throttle.go RateLimiter 
- Introduce PassiveRateLimiter which implements all methods of previous RateLimiter except Accept() and Wait()
- Change RateLimiter interface to extend PassiveRateLimiter by additionally implementing Accept() and Wait()
- Make client-go/tools/record use PassiveRateLimiter

Refactor EventSourceObjectSpamFilter, EventAggregator, EventCorrelator

- EventSourceObjectSpamFilter, EventAggregator, EventCorrelator use clock.PassiveClock now.
	- This won't be a breaking change because even if a clock.Clock is passed, it still implements the clock.PassiveClock interface.
- Extend clock.PassiveClock through Clock.
- Replace pacakge local implementation of realClock with clock.RealClock
- In flowcontrol/throttle.go split tokenBucketRateLimiters to use Clock and clock.PassiveClock.
- Migrate client-go/tools/record tests from using IntervalClock to using SimpleIntervalClock (honest implementation of clock.PassiveClock)

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
 2021-09-17 21:20:46 +05:30
John Howard
2a34801168 workqueue: fix leak in queue preventing objects from being GCed 
See https://github.com/grpc/grpc-go/issues/4758 for a real world example
of this leaking 2gb+ of data.

Basically, when we do `q.queue[1:]` we are just repositioning the slice.
The underlying array is still active, which contains the object formerly
known as `q.queue[0]`. Because its referencing this object, it will not
be GCed. The only thing that will trigger it to free is eventually when
we add enough to the queue that we allocate a whole new array.

Instead, we should explicitly clear out the old space when we remove it
from the queue. This ensures the object can be GCed, assuming the users'
application doesn't reference it anymore.
 2021-09-17 08:29:26 -07:00
Kubernetes Prow Robot
6a84310f8b
Merge pull request #105010 from MadhavJivrajani/use-utils-clock-pkg 
replace package realClock impl. with clock.RealClock
 2021-09-17 07:35:01 -07:00