github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-09 12:07:47 +00:00
Code Issues Projects Releases Wiki Activity
128,784 Commits 42 Branches 7,905 Tags 1.3 GiB
8f83f2446a
Commit Graph

128784 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kubernetes Prow Robot
1b79b8952a
Merge pull request #129997 from carlory/HonorPVReclaimPolicy-e2e 
HonorPVReclaimPolicy: add more e2e tests
 2025-02-17 04:08:22 -08:00
Rodrigo Campos
3b7926824e e2e_node: Don't use userns in DefaultPocMount tests 
When proc mount is set to default, it should mask /proc.

The DefaultProcMount test was setting "hostUsers: false" which means to
create a user namespaces. This was not causing issues before, because
user namespaces was disabled by default and therefore the field was
completely ignored. Now that userns is enabled by default, the test is
failing as the runtime doesn't always have userns support.

One option would be to filter for runtimes that do have userns support.
But the default case (/proc is masked) for sure we want to test it
without userns support, as it will be applied to all pods.

To that end, we add a param "hostUsers bool" to testProcMount that will
enable it or not. Then, both test cases that call this function set it
accordingly: the default case sets it to true (no user namespace), and
the unmasked case with a privileged pod sets it to false (use a user
namespace), to verify the /proc mount is unmasked in this case.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2025-02-17 11:51:55 +01:00
Kubernetes Prow Robot
2527854078
Merge pull request #130178 from bart0sh/PR172-e2e-fix-websockets-conformance 
e2e: fix node conformance flake
 2025-02-17 02:08:33 -08:00
Kubernetes Prow Robot
e279ae4335
Merge pull request #129852 from p0lyn0mial/upstream-clock-test-cache 
cacher: decrease the running time of TestConsistentReadFallback
 2025-02-17 02:08:21 -08:00
carlory
c48499d360 fix ci 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-17 11:49:24 +08:00
carlory
2382c0125b remove Removed generally available feature-gate DisableCloudProviders and DisableKubeletCloudCredentialProviders 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-17 09:59:59 +08:00
carlory
29e5d42979 kube-apiserver: removed the deprecated the --cloud-provider and --cloud-config CLI parameters. 
Signed-off-by: carlory <baofa.fan@daocloud.io>
 2025-02-17 09:54:49 +08:00
Kubernetes Prow Robot
87fcae2bc7
Merge pull request #130204 from aroradaman/conntrack-count-metric 
kube-proxy: metric to track entries deleted in conntrack reconciliation
 2025-02-16 15:14:21 -08:00
Kubernetes Prow Robot
1e38c86893
Merge pull request #129996 from yongruilin/fix-flag-apiserver 
fix: apiserver flagz to response actual parsed flags
 2025-02-16 13:56:23 -08:00
Daman Arora
438df173e3 kube-proxy: metric to track entries deleted in conntrack reconciliation 
kubeproxy_conntrack_reconciler_deleted_entries_total can be used
to track total entries deleted in conntrack reconciliation.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2025-02-17 00:06:20 +05:30
Kubernetes Prow Robot
e7b03ea0d3
Merge pull request #130080 from elizabeth-dev/replace-network-e2e-replicationcontrollers-2 
test(network): replace RCs with Deployments in util function StartServeHostnameService
 2025-02-16 09:44:21 -08:00
YamasouA
fcce8aaad8 workloadExecutor's member use value not pointer 2025-02-16 23:42:20 +09:00
Kubernetes Prow Robot
edc1fd24cc
Merge pull request #130081 from elizabeth-dev/replace-network-e2e-replicationcontrollers-3 
test(network): replace RCs with Deployments in util function CreateServicePods
 2025-02-16 06:00:21 -08:00
Elizabeth Martin Campos
e353086e6a
test(network): replace RCs with Deployments in util function StartServeHostnameService 
See #119021
 2025-02-16 14:50:46 +01:00
Kubernetes Prow Robot
05ab777e28
Merge pull request #130200 from aroradaman/conntrack-duration-metric 
kube-proxy: metric to track conntrack reconciliation latency
 2025-02-16 03:50:22 -08:00
Daman Arora
bdd83038e8 kube-proxy: metric to track conntrack reconciliation latency 
kube_proxy_conntrack_reconciler_sync_duration_seconds can be used
to track the latency of conntrack flow reconciliation.

Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2025-02-16 13:51:40 +05:30
Elizabeth Martin Campos
98d600bef9
test(network): replace RCs with Deployments in util function CreateServicePods 
See #119021
 2025-02-15 22:09:55 +01:00
Kubernetes Prow Robot
4e7e14203d
Merge pull request #130105 from seans3/websocket-logging-level 
Update websocket logging levels for better debuggability
 2025-02-15 07:44:28 -08:00
Kubernetes Prow Robot
78f7217993
Merge pull request #130082 from elizabeth-dev/replace-network-e2e-replicationcontrollers-4 
test(network): replace RCs with Deployments in util function jig.Run
 2025-02-15 07:44:21 -08:00
Keisuke Ishigami
6b16f05148 modify SchedulerCacheSize field comment because it will be removed at v1.34 2025-02-15 17:50:41 +09:00
Kubernetes Prow Robot
1d73c5d882
Merge pull request #130141 from pohly/dra-e2e-env-check 
DRA E2E: fix race between container start and check
 2025-02-14 21:46:20 -08:00
Kubernetes Prow Robot
8dbc6739e0
Merge pull request #130151 from marosset/windows-unit-tests-externaljwt-plugin-fixes 
fixing k8s.io/kubernetes/pkg/serviceaccount/externaljwt/plugin unit tests on Windows
 2025-02-14 13:44:20 -08:00
Tim Allclair
e52274a9e2 Don't allow resize policy mutation 2025-02-14 13:15:13 -08:00
Mark Rossetti
7a1b2aea74
fixing k8s.io/kubernetes/pkg/kubelet/apis/config/validation unit test failures on Windows 
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2025-02-14 13:09:52 -08:00
Tim Allclair
a1595d9dca Don't allow memory limit decrease unless resize policy is RestartContainer 2025-02-14 12:38:52 -08:00
Kubernetes Prow Robot
d93583654c
Merge pull request #130176 from liggitt/go-tools 
Honor KUBE_HACK_TOOLS_GOTOOLCHAIN
 2025-02-14 12:22:21 -08:00
Ed Bartosh
f6090185a8 e2e: fix node conformance flake 
The test `Pods should support retriving logs from the container
over websockets` flakes as it doesn't always wait until
container is running and is able to produce expected output.
Waiting for pod to be in the `Running` state is not enough
as it doesn't mean that container is running.

Waiting for container to be in `Running` state should fix
the test.
 2025-02-14 20:19:17 +02:00
Jordan Liggitt
0ce48b5636
Honor KUBE_HACK_TOOLS_GOTOOLCHAIN 2025-02-14 13:01:59 -05:00
Adrian Moisey
6d58125111
Bump KEP-4427 : AllowRelaxedDNSSearchValidation to Beta 2025-02-14 19:39:18 +02:00
Kubernetes Prow Robot
9f2629123f
Merge pull request #129940 from vinayakankugoyal/gen 
cleanup: Remove unused service account creation from node_authn.go
 2025-02-14 07:46:21 -08:00
Wei Fu
dc59c0246f proxy: should add PingPeriod for websocket translator 
IIUC, before using the translator handler, the ping data can be delivered from
the client to the runtime side since kube-apiserver does not parse any client
data. However, with WebSocket, the server responds with a pong to the client
without forwarding the data to the runtime side. If a proxy is present, it may
close the connection due to inactivity. SPDY's PingPeriod can help address this
issue.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
Co-authored-by: Antonio Ojea <aojea@google.com>
 2025-02-14 10:16:18 -05:00
Francesco Romani
844c2ef39d e2e: node: cpumgr: cleanup after each test case 
Our CI machines happen to have 1 fully allocatable CPU for test workloads.
This is really, really the minimal amount. But still should be sufficient for the tests to run
the tests; the CFS quota pod, however, does create a series of pods (at time of writing, 6)
and does the cleanup only at the very end the end. This means pods
requiring resources accumulate on the CI machine node.

The fix implemented here is to just clean up after each subcase.
Doing so the cpu test footprint is equal to the higher requirement (say, 1000 millicores) vs
the sum of all the subcases requirements.

Doing like this doesn't change the test behavior, and make it possible
to run it on very barebones machines.
 2025-02-14 15:45:36 +01:00
Kubernetes Prow Robot
6487606f6e
Merge pull request #130143 from saschagrunert/dmesg-root 
Use `sudo` for dmesg in hack/local-up-cluster.sh
 2025-02-14 06:08:22 -08:00
Kubernetes Prow Robot
d36737c817
Merge pull request #130164 from mimowo/deflake-job-integration-test 
Deflake the PodReplacementPolicyFeatureToggling Job integration test
 2025-02-14 04:52:21 -08:00
Michal Wozniak
f5e86dfea6 Deflake the PodReplacementPolicyFeatureToggling Job integration test 2025-02-14 12:32:51 +01:00
Kubernetes Prow Robot
c26c59a0b8
Merge pull request #130124 from marosset/windows-unit-tests-memory-manager-fixes 
fixing k8s.io/kubernetes/pkg/kubelet/cm/memorymanager unit tests on Windows
 2025-02-13 15:52:21 -08:00
Mark Rossetti
5e6611af55
fixing various unit tests on Windows that create abstract sockets 
by now having them create file-based sockets on windows/darwin

Signed-off-by: Mark Rossetti <marosset@microsoft.com>
 2025-02-13 15:41:33 -08:00
Vinayak Goyal
453e22a166 Remove unused service account creation from node_authn.go 2025-02-13 19:27:33 +00:00
Kubernetes Prow Robot
d7774fce9a
Merge pull request #129653 from danwinship/nftables-ga 
KEP-3866 nftables kube-proxy to GA
 2025-02-13 08:42:20 -08:00
Sascha Grunert
36c6c7778b
Use sudo for dmesg in hack/local-up-cluster.sh 
Kernels may have `kernel.dmesg_restrict = 1` set which requires root
access to see dmesg. We're now using `sudo` to mitigate that.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2025-02-13 16:38:51 +01:00
Dan Winship
83595f500a NFTablesProxyMode to GA 2025-02-13 10:27:14 -05:00
YamasouA
ca8a0f5f1b separete sleep func 2025-02-13 23:46:43 +09:00
YamasouA
6d291ddc21 fix lint 2025-02-13 23:41:00 +09:00
YamasouA
a9ee6bdf81 use *e.tCtx 2025-02-13 23:33:13 +09:00
YamasouA
cc87cb54ab delete unneccesary define 2025-02-13 23:13:57 +09:00
YamasouA
3ce36b3b3c rename doXXX to runXXX 2025-02-13 23:11:43 +09:00
YamasouA
d202a683f5 rename workloadExecutor member name 2025-02-13 23:04:54 +09:00
YamasouA
c40e69bb4c remove double comments 2025-02-13 23:02:41 +09:00
Rodrigo Campos
3725c6f765 pkg/kubelet: Make newTestKubeletWithImageList allocate a userns manager 
When switching the feature flag to on by default, this test was failing:

	I0213 14:42:45.311186  341895 factory.go:193] Registered Plugin "containerd"
	I0213 14:42:45.315673  341895 plugins.go:615] "Loaded volume plugin" pluginName="fake"
	I0213 14:42:45.315750  341895 kubelet_pods.go:1165] "Clean up pod workers for terminated pods"
	I0213 14:42:45.315759  341895 kubelet_pods.go:1215] "Clean up probes for terminated pods"
	I0213 14:42:45.315764  341895 kubelet_pods.go:1219] "Clean up orphaned pod statuses"
	I0213 14:42:45.315768  341895 kubelet_pods.go:1223] "Clean up orphaned pod user namespace allocations"
	--- FAIL: TestKubelet_HandlePodCleanups (0.00s)
	    --- FAIL: TestKubelet_HandlePodCleanups/missing_pod_is_requested_for_termination_with_short_grace_period (0.00s)
	panic: runtime error: invalid memory address or nil pointer dereference [recovered]
		panic: runtime error: invalid memory address or nil pointer dereference
	[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x2b14d7e]

	goroutine 142 [running]:
	testing.tRunner.func1.2({0x30b5260, 0x5cfa1e0})
		/usr/lib/go-1.23/src/testing/testing.go:1632 +0x230
	testing.tRunner.func1()
		/usr/lib/go-1.23/src/testing/testing.go:1635 +0x35e
	panic({0x30b5260?, 0x5cfa1e0?})
		/usr/lib/go-1.23/src/runtime/panic.go:785 +0x132
	k8s.io/kubernetes/pkg/kubelet/userns.(*UsernsManager).CleanupOrphanedPodUsernsAllocations(0x0, {0x5d90f80, 0x0, 0x0?}, {0xc0006a1d50, 0x1, 0x0?})
		/home/rodrigo/src/kinvolk/kubernetes/kubernetes/pkg/kubelet/userns/userns_manager.go:474 +0x9e
	k8s.io/kubernetes/pkg/kubelet.(*Kubelet).HandlePodCleanups(0xc00067c808, {0x3b876b0, 0x5d90f80})
		/home/rodrigo/src/kinvolk/kubernetes/kubernetes/pkg/kubelet/kubelet_pods.go:1224 +0x618
	k8s.io/kubernetes/pkg/kubelet.TestKubelet_HandlePodCleanups.func35(0xc0001349c0)
		/home/rodrigo/src/kinvolk/kubernetes/kubernetes/pkg/kubelet/kubelet_pods_test.go:6415 +0x72d
	testing.tRunner(0xc0001349c0, 0xc0009801b0)
		/usr/lib/go-1.23/src/testing/testing.go:1690 +0xf4
	created by testing.(*T).Run in goroutine 141
		/usr/lib/go-1.23/src/testing/testing.go:1743 +0x390
	exit status 2
	FAIL	k8s.io/kubernetes/pkg/kubelet	0.029s

The issue is that no userns manager is allocated in the FakeKubelet.
Let's allocate one.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2025-02-13 15:00:07 +01:00
Rodrigo Campos
96c2b81670 features: Enable user namespaces by default 
The feature gate UserNamespacesSupport is enabled by default now
(KEP 127): https://github.com/kubernetes/enhancements/pull/5118.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2025-02-13 15:00:07 +01:00