to keep a count of the pods that have the ready condition.
Also:
- Add feature gate JobReadyPods.
- Add Ready to describe.
Change-Id: Ib934730a430a8e2a2f485671e345fe2330006939
This fixes a bug where the test was dependent on the current set of
feature gates. Since AllFeatureEnabledContainers() depends on the
feature gates it must be evaluated after the test case is initialized.
Conceptually, snapshots have to be taken while the pod and thus the volume
exist. Snapshotting has an issue where flushing of data is not guaranteed while
the volume is still staged on the node, so the test relied on deleting the pod
and checking for the volume to be unused. That part of the test cannot be done
for ephmeral volumes.
This is a fix for the new test case from
https://github.com/kubernetes/kubernetes/pull/105636 which had to be merged
without prior testing due to not having a cluster to test on and no pull job
which runs these
tests. https://testgrid.k8s.io/sig-storage-kubernetes#gce-serial then showed a
failure.
The fix is simple: in the ephemeral case, the PVC name isn't set in advance in
pvc.Name and instead must be computed. The fix now was tested on a kubetest
cluster in GCE.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
This adds a new test pattern and uses it for the inline volume tests. Because
the kind of volume now varies more, validation of the mount or block device is
always done by the caller of TestEphemeral.
apiServiceRegistrationControllerInitiated is closed when APIServiceRegistrationController has finished "installing" all known APIServices.
At this point we know that the proxy handler knows about APIServices and can handle client requests.
Before it might have resulted in a 404 response which could have serious consequences for some controllers like GC and NS
the new field exists primarily to avoid returning a 404 response when a resource actually exists but we haven't installed the path to a handler.
it is exposed for easier composition of the individual servers.
the primary users of this field are the WithMuxCompleteProtection filter and the NotFoundHandler.
It puts the muxCompleteProtectionKey in the context if a request has been made before muxCompleteSignal has been ready.
Putting the key protect us from returning a 404 response instead of a 503.
It is especially important for controllers like GC and NS since they act on 404s.
The presence of the key is checked in the NotFoundHandler (staging/src/k8s.io/apiserver/pkg/util/notfoundhandler/not_found_handler.go)
The race may happen when a request reaches the NotFoundHandler because not all paths have been registered in the mux
but when the registered checks are examined in the handler they indicate that the paths have been actually installed.
In that case, the presence of the key will make the handler return 503 instead of 404.
The new handler is meant to be executed at the end of the delegation chain.
It simply checks if the request have been made before the server has installed all known HTTP paths.
In that case it returns a 503 response otherwise it returns a 404.
We don't want to add additional checks to the readyz path as it might prevent fixing bricked clusters.
This specific handler is meant to "protect" requests that arrive before the paths and handlers are fully initialized.
hostPath volume plugin creates a directory within /tmp on host machine, to be mounted as volume.
inject-pod writes content to the volume, and a client-pod tried the read the contents and verify.
when SELinux is enabled on the host, client-pod can not read the content, with permission denied.
running the client-pod as privileged, so that it can access the volume content, even when SEinux is enabled on the host.
