Setting AllAlpha=true in integration tests changes the dynamic client request encoding and the
custom resource storage encoding to CBOR. The etcd storage path is updated to accept either JSON or
CBOR as storage encoding. The client feature gate controlling the dynamic client request encoding is
temporarily disabled until the serving codecs for builtin APIs are wired to the CBOR apiserver
feature gate.
For alpha, there is one apiserver feature gate and two client-go feature gates controlling
CBOR. They were initially wired to separate test-only feature gate instances in order to prevent
them from being configurable at runtime via command-line flags or environment variables (for
client-go feature gates outside of Kubernetes components). All of the integration tests required by
the KEP as alpha criteria have been implemented. This adds the feature gates to the usual feature
gate instances and removes the temporary code to support separate test-only feature gate instances.
Using securejoin.SecureJoin() ensures that paths are bound within a
given root, but it doesn't protect from changes happening between the
construction of the path and its use. securejoin 0.3 introduces a new
Linux-specific API which avoids this by making rooted open operations
explicit; this migrates kubelet's log retrieval to use that.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Mirror pods for static pods may not be created immediately during node startup
because either the node is not registered or node informer is not synced.
They will be created eventually when static pods are resynced (every 1-1.5 minutes).
However, during this delay of 1-1.5 mins, kube-scheduler might overcommit resources
to the node and eventually cause kubelet to reject pods with
OutOfCPU/OutOfMemory/OutOfPods error.
To ensure kube-scheduler is aware of static pod resource usage faster,
mirror pods are created as soon as the node registers.
A better place is the cel package because a) the name can become shorter
and b) it is tightly coupled with the compiler there.
Moving the compilation into the cache simplifies the callers.
* Refactor various hardcoded backoffs into separate constants
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
* Fix comment formatting
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
---------
Signed-off-by: Laura Lorenz <lauralorenz@google.com>
This expands the generic plugin support to both validating and mutating policies. It also adds the
mutating policy admission plugin using the generics plugin support.
This also implements both ApplyConfiguration and JSONPatch support.
Co-authored-by: Alexander Zielensk <alexzielenski@gmail.com>
This is closely aligned with ValidatingAdmissionPolicy
except that instead of validations that can fail with
messages, there are mutations, which can be defined
either with as an ApplyConfiguration or JSONPatch.
Co-authored-by: cici37 <cicih@google.com>
